Excalium← Live feed
cybersecurity-breach · News

Linux 6.9 LUKS suspend stops wiping disk-encryption keys

Linux · Jul 2, 2026 · https://hnrss.org/newest?points=100
L
cybersecurity-breachdata-privacy-regulationsoftware-supply-chain-security

The Linux 6.9 kernel update includes a change where the LUKS disk encryption suspend function no longer wipes disk-encryption keys from memory. Previously, upon system suspension, these keys were cleared, requiring re-entry upon resume. This modification means the keys now persist in memory during suspend states.

This change matters because it introduces a potential security vulnerability. If a suspended Linux system using LUKS encryption is physically accessed by an attacker, the encryption keys could be extracted from memory. This bypasses the protection LUKS normally offers, making the encrypted data accessible without the user's password.

The mechanism involves how the Linux kernel handles memory during system suspend. With the new behavior, the memory region containing the LUKS encryption keys is not actively overwritten or cleared when the system enters a low-power suspend state. This leaves the keys resident and potentially recoverable through specialized physical attacks.

This development primarily impacts companies and users relying on Linux-based systems for sensitive data storage, particularly those subject to data privacy regulations (e.g., GDPR, CCPA). Companies like Red Hat (IBM), SUSE, and Canonical (Ubuntu) that distribute Linux kernels will need to address or communicate this change. It could lead to increased cybersecurity breach risks and compliance challenges for enterprises utilizing Linux servers or workstations.

View original source ↗More Linux news →

Excalium Agent

An AI breakdown of exactly what changed and who it moves.

Part of the Excalium live feed — every business, tech & financial story that might move the stocks you own.