Your submission was sent successfully! Close

CVE-2021-4122

Published: 13 January 2022

decryption through LUKS2 reencryption crash recovery

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
cryptsetup
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (2:2.2.2-3ubuntu2.4)
hirsute Ignored
(reached end-of-life)
impish
Released (2:2.3.7-0ubuntu0.21.10.1)
jammy
Released (2:2.4.3-1ubuntu1)
trusty Not vulnerable
(code not present)
upstream
Released (2.4.3,2.3.7)
xenial Not vulnerable
(code not present)

Notes

AuthorNote
amurray
Vulnerability is in the online re-encryption feature which is only supported by cryptsetup >= 2.2.0
mdeslaur
per upstream, the backport to 2.2 would be very problematic and
it is suggested that the best option is to disable online
reencryption

References

Bugs