A vulnerability was found in the ecryptfs-setup-swap script that is provided by the upstream ecryptfs-utils project. When GPT swap partitions are located on NVMe or MMC drives, ecryptfs-setup-swap fails to mark these swap partitions as "no-auto". As a consequence, when using an encrypted home directory with an NVMe or MMC drive, the swap is left unencrypted. There's also a usability issue in that users are erroneously prompted to enter a pass-phrase to unlock their swap partition at boot.

This vulnerability exists due to an incomplete fix for CVE-2015-8946.

References:
http://seclists.org/oss-sec/2016/q3/52

Debian bug:
https://bugs.launchpad.net/ecryptfs/+bug/1597154

Fix:
https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882
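
A way to check a host for the condition described above (active swap that is not on an encrypted mapping), as an added example that is not part of the original report or of ecryptfs-utils. It parses the output of `lsblk -rno NAME,TYPE,MOUNTPOINT`; the function names and the sample device layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from ecryptfs-utils): flag active swap that does not sit
# on a dm-crypt mapping. Input is the output of:
#   lsblk -rno NAME,TYPE,MOUNTPOINT

# Print the NAME of every active swap device whose TYPE is not "crypt".
# Assumption: zram swap is RAM-backed and out of scope, so it is skipped.
plaintext_swaps() {
    awk '$3 == "[SWAP]" && $2 != "crypt" && $1 !~ /^zram[0-9]+$/ { print $1 }'
}

# Return 1 and name the devices when plaintext swap is found, 0 otherwise,
# so the function can gate a compliance or boot-time check.
check_swaps() {
    found=$(plaintext_swaps)
    if [ -n "$found" ]; then
        # $found is left unquoted on purpose: one output line per device.
        printf 'unencrypted swap: %s\n' $found
        return 1
    fi
    return 0
}

# Constructed sample input: an NVMe and an MMC swap partition active as plain
# swap, an inactive crypt mapping, a properly encrypted swap and a zram device.
sample_lsblk() {
    cat <<'EOF'
nvme0n1 disk
nvme0n1p1 part /boot/efi
nvme0n1p2 part /
nvme0n1p3 part [SWAP]
cryptswap1 crypt
mmcblk0 disk
mmcblk0p1 part [SWAP]
sda disk
sda1 part
cryptswap2 crypt [SWAP]
zram0 disk [SWAP]
EOF
}

# Demonstration on the constructed sample.
sample_lsblk | check_swaps || true
```

On a live system, feed it real data with `lsblk -rno NAME,TYPE,MOUNTPOINT | check_swaps`. Swap files do not appear in lsblk output and need a separate check.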
Created ecryptfs-utils tracking bugs for this issue:

Affects: fedora-all [bug 1356826]