LUKS-Encrypted Disk Vulnerability in GRUB by Red Hat
CVE-2025-4382

5.9MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9; Red Hat Openshift Container Platform 4
Vendor: CVE Published:; 9 May 2025

Summary

A security flaw exists in systems that utilize LUKS-encrypted disks configured with GRUB for TPM-based auto-decryption. When GRUB automatically decrypts disks using keys stored in TPM, it loads the decryption key into memory. An attacker with physical access can manipulate the filesystem superblock, causing GRUB to fail in locating a valid filesystem, and enter rescue mode. As a result, the disk remains decrypted, exposing the decryption key in system memory. This enables unauthorized access to unencrypted data without authentication, raising significant concerns regarding data confidentiality and integrity.

References

https://access.redhat.com/security/cve/CVE-2025-4382

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2364416

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
May 6, 2025