The impact of this bug is rather limited. It only matters when an attacker has (local, not SSH) access to the console and simultaneously does not have access to the hard disk.<p>When you have physical access to the hard disk, you can do the same things without exploiting this bug.
<a href="http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html" rel="nofollow">http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetu...</a><p>If you use Debian, Ubuntu, Fedora and have encrypted the system partition, you are potentially vulnerable.<p>To exploit, reboot server, hold down enter key for 70+ seconds and you'll be dropped into a root shell.