LUKS is the standard for implementing Linux hard disk encryption.

LUKS is often implemented with Cryptsetup.

The problem lies in Cryptsetup's default configuration file, which is flawed.

Hack Allows Root Shell Access To Linux By Just Pressing ‘Enter’

The vulnerability is very reliable because it doesn't depend on specific systems or configurations.

Note that in cloud environments it is also possible to remotely exploit this vulnerability without having physical access.

Marco says that Cryptsetup interprets this error as a slow device that needs more time to warm up.

However, the good news is that the problem is incredibly simple to fix.

Marco and Ripoll have developed a patch and a workaround that will mitigate the attack.

According to the pair, the vulnerability could have been introduced when other security fixes were implemented.

source: www.techworm.net