Ubuntu Security Flaw Lets Attackers Bypass Full Disk Encryption
#OMGUbuntu article: https://www.omgubuntu.co.uk/2025/07/ubuntu-security-initramfs-bypass-encryption

“Not all #Linux distributions are affected, such as #OpenSUSE_Tumbleweed.”

“#Attackers with physical access to a Linux system can access a debug shell simply by entering the wrong #decryption #password several times in a row. On Ubuntu, they hit esc at the password prompt, punch in a few key combos and debug shell appears.
They can mount a USB drive with tools that let them modify the #initramfs (Initial RAM Filesystem – a temporary system run during boot to prep the main OS) to inject #maliciouscode, and then repack it – without tripping any #security flags.
Then, the next time the owner boots up their #laptop and enters their correct password, the code runs with elevated privileges to do whatever the #attacker wants.”

“Impactful though this exploit could be in the wild, there is no reason for most #Ubuntu users to be concerned about it.
This #vulnerability is what the security industry refer to as an '#evilmaidattack': it requires physical access to a #device to pull off.”

“Finally, protecting against this #vulnerability is easy. Users can simply tweak their system #kernel so that the #computer #reboots on failed password attempts, instead of providing a #debug shell.”