CVE-2021-4122
24.08.2022, 16:15
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| cryptsetup_project | cryptsetup | 𝑥 < 2.3.7 |
| cryptsetup_project | cryptsetup | 2.4.0 ≤ 𝑥 < 2.4.3 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| cryptsetup |
| ||||||||||||||||||||||||||||||
| cryptsetup-doc |
| ||||||||||||||||||||||||||||||
| cryptsetup-lang |
| ||||||||||||||||||||||||||||||
| cryptsetup-ssh |
| ||||||||||||||||||||||||||||||
| libcryptsetup-devel |
| ||||||||||||||||||||||||||||||
| libcryptsetup12 |
| ||||||||||||||||||||||||||||||
| libcryptsetup12-32bit |
| ||||||||||||||||||||||||||||||
| libcryptsetup12-hmac |
| ||||||||||||||||||||||||||||||
| libcryptsetup12-hmac-32bit |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
References