Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Debian Bullseye DSA-5070-1 Critical: Cryptsetup Decryption Problem

debian
Calendar Grey February 10, 2022
Debian Logo
Debian Security Announcement DSA-5071-2 reveals a serious vulnerability in the GnuPG tool, necessitating prompt updates for impacted users.
CVE-2021-4122 Milan Broz, its maintainer, discovered an issue in cryptsetup, the disk encryption configuration tool for Linux

Summary

Milan Broz, its maintainer, discovered an issue in cryptsetup, the disk
encryption configuration tool for Linux.

LUKS2 (an on-disk format) online reencryption is an optional extension to
allow a user to change the data reencryption key while the data device is
available for use during the whole reencryption process.

An attacker can modify on-disk metadata to simulate decryption in progress
with crashed (unfinished) reencryption step and persistently decrypt part
of the LUKS2 device (LUKS1 devices are indirectly affected as well, see
below).

This attack requires repeated physical access to the LUKS2 device but no
knowledge of user passphrases.

The decryption step is performed after a valid user activates the device
with a correct passphrase and modified metadata.

The size of possible decrypted data per attack step depends on configured
LUKS2 header size (metadata size is configurable for LUKS2). With the
default LUK...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: cryptsetup
CVE ID: CVE-2021-4122

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.