Vulnerability Description
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 15.10 |
| Ecryptfs | Ecryptfs-Utils | <= 110 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2016/07/13/2
- http://www.openwall.com/lists/oss-security/2016/07/14/3
- http://www.ubuntu.com/usn/USN-3032-1Third Party Advisory
- https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
- https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282
- http://www.openwall.com/lists/oss-security/2016/07/13/2
- http://www.openwall.com/lists/oss-security/2016/07/14/3
- http://www.ubuntu.com/usn/USN-3032-1Third Party Advisory
- https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
- https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282
FAQ
What is CVE-2015-8946?
CVE-2015-8946 is a vulnerability with a CVSS score of 3.3 (LOW). ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local u...
How severe is CVE-2015-8946?
CVE-2015-8946 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8946?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Ecryptfs Ecryptfs-Utils.