A vulnerability in Cryptsetup, concretely in the scripts that unlock the system partition when the partition is ciphered using LUKS (Linux Unified Key Setup). This vulnerability allows to obtain a root initramfs shell on affected systems. [...]
During the installation of Ubuntu, one of the first steps is to prepare the target partition (make partitions if needed, and/or format them). At this stage, the user is asked to "Encrypt the new (LXK)ubuntu installation for security".
This isn't as tragic as it at first sounds, because it does not leave the whole drive unlocked; the root shell is in the pre-boot environment. However, from this shell you have the ability to install backdoors in /boot or trojan the kernel itself.
But seriously, how many more times is Linux going to have a "hold down a key to unlock" bug? I'm almost at the point where I need a tag for this.