PT-2022-11374 · Cryptsetup

Milan Broz · Published 2021-06-13 · Updated 2025-10-27 · CVE-2021-4122

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Note: this vector (network access, availability impact only) does not match the description below, which requires physical access to the medium and results in stored data being left in plaintext; treat the score with caution and rate the issue against the description.
Name of the Vulnerable Software and Affected Versions
cryptsetup versions 2.2.0 through 2.3.6
cryptsetup versions 2.4.0 through 2.4.2

Description
A flaw was found in cryptsetup that allows an attacker with physical access to a medium, such as a flash disk, to trick cryptsetup into disabling encryption during device recovery. This could force a user into permanently disabling the encryption layer of the medium. The root cause is that the LUKS2 online-reencryption metadata can be modified without knowledge of the encryption key. An attacker can plant metadata that simulates a previously started decryption operation; when the legitimate user next opens the device, cryptsetup "recovers" that operation and writes part of the data back to the medium in plaintext.

Recommendations
For cryptsetup versions 2.2.0 through 2.3.6, update to version 2.3.7 or later. For cryptsetup versions 2.4.0 through 2.4.2, update to version 2.4.3 or later. As a temporary workaround, inspect the header with cryptsetup luksDump before activating a device that has been out of your control, and treat an unexpected reencryption keyslot or an online-reencrypt requirement flag as a sign of tampering (do not open the device until it has been investigated). Restrict physical access to encrypted media to minimize the risk of exploitation.
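The luksDump-based workaround above, as an added example that is not part of this advisory or of the cryptsetup project: a POSIX sh checker that flags LUKS2 headers carrying in-progress reencryption metadata, which is what this attack plants before the victim's next luksOpen. It assumes the luksDump output layout shown in the constructed samples (a "Requirements:" line naming an online-reencrypt requirement, a keyslot of type "reencrypt" with a "Mode:" field); verify those strings against your own cryptsetup version before relying on it.

```shell
#!/bin/sh
# Added example, not the advisory's or cryptsetup's own code.
# Flags LUKS2 headers that claim an in-progress reencryption or decryption.
# ASSUMPTION: luksDump prints "Requirements: online-reencrypt..." and lists the
# reencryption keyslot as "N: reencrypt ..." with a "Mode:" line (reencrypt,
# encrypt or decrypt). The two dumps below are constructed test input.

DUMP_SUSPICIOUS='LUKS header information
Version:        2
Epoch:          7
Metadata area:  16384 [bytes]
Keyslots area:  16744448 [bytes]
UUID:           00000000-0000-0000-0000-000000000000
Label:          (no label)
Subsystem:      (no subsystem)
Flags:          (no flags)
Requirements:   online-reencrypt-v2

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64
        sector: 512 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
  1: reencrypt (unbound)
        Key:        8 bits
        Priority:   ignored
        Mode:       decrypt
        Direction:  forward
        Resilience: checksum
        Hash:       sha256
'

DUMP_CLEAN='LUKS header information
Version:        2
Epoch:          3
Flags:          (no flags)

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
'

# luks2_reencrypt_check DUMP_TEXT
# Prints findings; returns 0 when the header looks clean and 1 when it carries
# reencryption metadata (do not activate the device before investigating).
luks2_reencrypt_check() {
    dump="$1"
    rc=0

    if printf '%s\n' "$dump" | grep -qE '^Requirements:[[:space:]]*.*online-reencrypt'; then
        echo "FINDING: header sets an online-reencrypt requirement"
        rc=1
    fi

    if printf '%s\n' "$dump" | grep -qE '^[[:space:]]*[0-9]+:[[:space:]]+reencrypt'; then
        echo "FINDING: reencryption keyslot present"
        rc=1
        # A decrypt-mode slot is the CVE-2021-4122 payload: "recovery" on the
        # next open writes a data segment back in plaintext.
        if printf '%s\n' "$dump" | grep -qE '^[[:space:]]*Mode:[[:space:]]+decrypt'; then
            echo "FINDING: reencryption mode is decrypt (plaintext write-back on next open)"
        fi
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: no reencryption metadata"
    fi
    return "$rc"
}

# luks2_reencrypt_check_device /dev/sdX
# Runs the check against a real device (needs root); returns 2 if luksDump fails.
luks2_reencrypt_check_device() {
    dump=$(cryptsetup luksDump "$1") || return 2
    luks2_reencrypt_check "$dump"
}

# Stand-alone use: a device path checks that device, no argument runs the samples.
if [ -n "$1" ]; then
    luks2_reencrypt_check_device "$1"
else
    echo "== constructed suspicious header =="
    luks2_reencrypt_check "$DUMP_SUSPICIOUS" || :
    echo "== constructed clean header =="
    luks2_reencrypt_check "$DUMP_CLEAN" || :
fi
```

Run it as root with the block device as the argument before each luksOpen of removable media. A hit is not proof of an attack (an interrupted legitimate reencryption looks the same), but on a device you never reencrypted it is exactly the condition this advisory describes, and the device should not be opened until the header has been examined.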

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity
Resource Exhaustion

Related Identifiers

ALSA-2022:0370
ALT-PU-2022-1070
ALT-PU-2024-16854
ALT-PU-2024-8226
ALT-PU-2024-8574
BDU:2022-00586
CESA-2022:0370
CVE-2021-4122
DSA-5070-1
MGASA-2022-0047
OESA-2022-1532
OPENSUSE-SU-2022:0144-1
OPENSUSE-SU-2024:11754-1
RHSA-2022:0370
RLSA-2022:0370
SUSE-SU-2022:0144-1
USN-5286-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Cryptsetup