CNNVD-202509-1780 Information
CNNVD ID
CNNVD-202509-1780
Related CVE
-
CNNVD Published
2025-09-12
Description
dstack is an open-source TEE deployment tool from Dstack TEE. Versions of dstack before 0.5.4 contain a security vulnerability: a malicious host may supply a specially crafted LUKS2 data volume, which leads to the disclosure of WireGuard keys and other secrets and may compromise execution of the guest.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
袋鼠云
Published
2025-09-12
Last Modified
2026-02-24
References
https://github.com/Dstack-TEE/dstack/blob/04de4e422bb06f075b4215b2cfc410f5d7ac7aed/dstack-util/src/system_setup.rs#L453-L456
https://github.com/Dstack-TEE/dstack/commit/e36ad5f732d8821876a861934e1f47cda7b1a130
https://github.com/Dstack-TEE/dstack/security/advisories/GHSA-jxq2-hpw3-m5wf
https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/837
https://access.redhat.com/security/cve/cve-2025-59054
Patch
https://github.com/Dstack-TEE/dstack/releases