A security issue in Linux 6.9 caused LUKS disk encryption to stop wiping encryption keys from RAM during suspend operations, potentially exposing sensitive data to memory-based attacks.
Linux kernel version 6.9 introduced a regression in LUKS (Linux Unified Key Setup) suspend functionality that breaks a critical security mechanism. The bug prevents encryption keys from being properly wiped from system memory when the system enters suspend mode.
LUKS uses disk encryption to protect data at rest. A standard security practice involves clearing encryption keys from memory during system suspend to prevent attackers with physical access from extracting keys via cold boot attacks or direct memory access. This regression undermines that protection.
The issue gained attention in developer communities, accumulating 151 points and 58 comments on Hacker News, indicating significant concern among security-conscious users and system administrators.
Cold boot attacks—where attackers extract data from RAM immediately after powering off a system—remain a viable threat vector, particularly in environments where physical security cannot be guaranteed. Corporate workstations, shared systems, and portable devices face heightened risk when encryption keys persist in memory during suspend states.
The regression appears to stem from changes made during Linux 6.9 development. The specific commit or architectural change responsible has generated discussion among kernel developers, though details on whether a fix has been implemented or merged remain unclear from available reports.
Users running Linux 6.9 or later versions should evaluate their threat model. Those in environments where cold boot attacks represent a realistic risk may consider reverting to earlier kernel versions or implementing additional security measures until a patch becomes available. System administrators managing LUKS-encrypted systems should prioritize monitoring kernel development channels for security updates.
This incident highlights the subtle security implications that can arise from kernel-level changes, even when modifications address other legitimate technical goals. Encryption implementations require careful handling throughout the entire system lifecycle, including state transitions like suspend operations.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.