In Red Hat Enterprise Linux and Fedora, the scripts used during boot time to ask for user password and decrypt the drive are part of the dracut package. They used to generate the Initial ramdisk (initramfs) and are a part of the initramfs image file.
The attacker needs to have physical access to the machine in order to exploit this flaw. The attack consists of gaining access to the shell after wrong luks password has been entered during the boot process. Once shell access is obtained various brute force attacks (both manual and automated) can be carried out. The contents of the drive can also be copied off to do conduct offline brute force attacks on another computer.
Red Hat Product Security encourages users of Red Hat Enterprise Linux 6 and 7 to use the mitigation described in the link below. No updated packages are currently available.
For more information please refer to: https://access.redhat.com/articles/2786581
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
|CVSS3 Base Score||6.8|
|CVSS3 Base Metrics||CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H|
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Affected Packages State
|Red Hat Enterprise Linux 7||dracut||Will not fix|
|Red Hat Enterprise Linux 6||dracut||Will not fix|