A Year-Old Linux Flaw Has Been Leaving Encryption Keys Exposed
How this was made Verified AI
Every Intellegix briefing is generated from that day's broadcast and run through automated checks before it publishes — with a human paged on any flag. Here is the trail for this edition.
Since Linux kernel version 6.9, shipped in May 2024, the LUKS disk-encryption suspend feature has reportedly stopped wiping disk-encryption keys from memory when a system is suspended — a regression that has sat quietly in production systems for more than a year before being prominently flagged on Hacker News via a Mastodon post by Ingo Blechschmid. The post drew 487 points and 209 comments.
The security implication is concrete. Cold boot attacks, demonstrated convincingly in academic research as far back as 2008 by a Princeton team, exploit the fact that DRAM retains data briefly after power is removed — longer still at low temperatures. An attacker who obtains a suspended laptop, chills the RAM, and extracts it quickly may recover cryptographic key material. Clearing encryption keys from memory on suspend is precisely the mitigation designed to close that window; the regression reopens it.
Anyone running Ubuntu 24.04 or later, Fedora 40 or later, or a rolling distribution such as Arch has almost certainly been running an affected kernel. The attack requires physical access, which limits exposure primarily to targeted scenarios — border crossings, hotel rooms, corporate espionage, state-level adversaries — rather than mass exploitation. The recommended immediate mitigation is to fully power down rather than suspend when operating in sensitive environments. Because it is a regression rather than a novel flaw, a fix is expected to be relatively straightforward once the offending commit is identified, but the distribution pipeline means most users will remain exposed until patched kernels arrive through their normal update channels.
Separately, a project called crustc — the entirety of the Rust compiler translated to C — earned 292 points and 57 comments on its own merits. The practical motivation is bootstrapping: having a C translation of the Rust compiler means the entire Rust toolchain can be built from a C compiler, which is more widely available and auditable on constrained or unusual platforms. The HN discussion connects the project to the broader 'bootstrappable builds' movement and to Ken Thompson's 1984 Turing Award lecture, 'Reflections on Trusting Trust,' which laid out the philosophical problem of a malicious compiler that inserts backdoors invisible to source code review. crustc is, in that framing, an answer to that challenge for the Rust ecosystem.