CVE-2021-4122
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-4122
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4122.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-4122
- Downstream
- Related
- Published
- 2022-08-24T16:15:09.427Z
- Modified
- 2025-11-14T12:24:15.268076Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.
- References
-
- https://access.redhat.com/security/cve/CVE-2021-4122
- https://bugzilla.redhat.com/show_bug.cgi?id=2031859
- https://bugzilla.redhat.com/show_bug.cgi?id=2032401
- https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c
- https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.4/v2.4.3-ReleaseNotes
Affected packages
Git / gitlab.com/cryptsetup/cryptsetup
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.com/cryptsetup/cryptsetup
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
v1_4_2
v1_4_3
v1_5_0
v1_5_1
v1_6_0
v1_6_1
v1_6_2
v1_6_3
v1_6_4
v1_6_5
v1_6_6
v1_6_7
v1_6_8
v1_7_0
v2.*
v2.0.0
v2.0.0-rc0
v2.0.0-rc1
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.1.0
v2.2.0
v2.2.0-rc0
v2.2.0-rc1
v2.2.1
v2.2.2
v2.3.0
v2.3.0-rc0
v2.3.1
v2.3.2
v2.3.3
v2.4.0
v2.4.0-rc0
v2.4.0-rc1
v2.4.1
v2.4.2
Database specific
vanir_signatures
[
{
"digest": {
"function_hash": "280583083633981402384101864126374883680",
"length": 3782.0
},
"target": {
"file": "lib/luks2/luks2_reencrypt.c",
"function": "reencrypt_load_by_passphrase"
},
"signature_version": "v1",
"id": "CVE-2021-4122-0f056aff",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"30232732537702908620677538415576625375",
"226899050737051827622489035532079516619",
"100301087747651152887678366955260905774",
"57069836659847097420184984622378406442",
"210315452777968003498475117483492970601",
"227294705111980599500935209209943982409",
"200647087148236740910778222814870820020",
"140203482773118558925957559736377562599",
"18002782061390375986255561766876481027",
"260812771520799075124363380318066993705",
"218166068297067935076386151905800559168",
"118277577782542416065440840350793174150",
"275340091365753888434691927761624808196",
"310656081205261081706598108968462133693",
"163546931062024968240777094730349747782",
"302238744662940970017380643143856951981",
"117549415332556271945313515980993273562"
]
},
"target": {
"file": "lib/luks2/luks2_keyslot.c"
},
"signature_version": "v1",
"id": "CVE-2021-4122-13d02013",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"229533184189874078191172006230479060735"
]
},
"target": {
"file": "lib/luks2/luks2.h"
},
"signature_version": "v1",
"id": "CVE-2021-4122-1aec69d4",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"193422928526178610764225453717526529612",
"214512679249377912395334810158705390911",
"220317002438241394263186426213134311883",
"149990553798582294795564610976754062031",
"268119641257374591487204144687626890584",
"14330040233253226749372236386912913178",
"250478416473510099015395475824018175738",
"97819853104061615585707364011302368115",
"331011034105796640554226602157144142551",
"264290276162489175592627040813641300641",
"339459831611179386131939680802407830998",
"311101136380418912257680092783593413841",
"168827795882406385871360871210303301617",
"178304735769795570661583445140603790233"
]
},
"target": {
"file": "lib/setup.c"
},
"signature_version": "v1",
"id": "CVE-2021-4122-1c2dcda9",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"46231182601655516708070233524663597104",
"224112608926874460703848349453319316839",
"69015847232423740255697676338408376007",
"71565915841268012553074374536314391764",
"2932236234913867506529309571899938879",
"72794739920782439681987912964766355678",
"220610300940532800719893618851750461144",
"208386126503759850334306752602861117302",
"2452011062293750757608770229415336389",
"125897401305169399477534967427910273097",
"206086674930141127671490116110976222330",
"256513106088107614534300493953783670567",
"240582498401731467886379040527740739236",
"67807997243773667552009519872304329769",
"6484786474746146437009504781423179688",
"338229448975320693436411836559721467342",
"167907276735872147490096511134961605326",
"279622137303362408545328426071723823289",
"139079920994186176936239401291802120020",
"206281310342728241671569256223971445480",
"264707406724182624205959543715081446555",
"283853479007839067829583826422275347145",
"31003390239268969887725516962069103729",
"197053700061263394999607216500117587336",
"2685959817068268713111875288876075501",
"137380995259966002695916896210514606408",
"144034676048507645286356888295034733443",
"292576617177303141900790694922046099014",
"29628646725186324436364678628344864748",
"198288831451435650184296917743436617282",
"45262532942989460106759826735410977512",
"88756571275279463889316371401537821193",
"19179392577822091441716626896560188680",
"129496653848828165009074667524864802594",
"27902600029846502209904589757289361220",
"212501139675784861884649321636854628620"
]
},
"target": {
"file": "lib/luks2/luks2_json_metadata.c"
},
"signature_version": "v1",
"id": "CVE-2021-4122-2032cdf8",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"222803837892361236638537830560287911263",
"75675767703528167153372063305403502109",
"132151590132488500572828585369276084554",
"51687430285729188219131027227097956189",
"154563649829051148024813527237967311796"
]
},
"target": {
"file": "lib/luks2/luks2_internal.h"
},
"signature_version": "v1",
"id": "CVE-2021-4122-297c2b35",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "231111618382801146553965144778668319290",
"length": 743.0
},
"target": {
"file": "lib/luks2/luks2_json_metadata.c",
"function": "LUKS2_config_get_requirements"
},
"signature_version": "v1",
"id": "CVE-2021-4122-2da818e2",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"71527949442570837539128099171364531890",
"17666226990284569091447256493543814176",
"155646402420083986891765801113063914304",
"159300226775464302333819137408095947715",
"312731325029142493700567391924042724604",
"327969385320937748105307126927199694636",
"39733110941925615081051429200512759466",
"106853615242888887688600213516842924749",
"142312346491990648660773858316149877637",
"179538203215466526497180160680816524552",
"326340642656970996288300374009757962319",
"75820690976999397549142353351043987318",
"226031482665490460195974167188027690014",
"162768110715370050897725434260927541179",
"16173526585455077635912307870069286250",
"166342706008813434051149274634293593916",
"43166420076411095938708194408988654898",
"18735156731369680467460087624018090307",
"30268764874110208689623942074872154227",
"14650516440128284934530120783848899539",
"281819847597721762022704080290676535101",
"211758513843354235281547022931341461544",
"98037720357914806106212350718507636050",
"259609377698501449082152356980494483484",
"39134733624135609536906175992246420997",
"220292094207418664256570556938194992176",
"81893458518733672939934044302493890098",
"34674460822913158497662977361669461876",
"334569256747025232403737565721226121491",
"308476368208708124954089619896910576711",
"229480047687454597629642774288074134256",
"128060274469555875941300287571820925010",
"108273001259023160111452662127337217574",
"257225612726141250498257043034492474458",
"207369334502162787292259248194023116615",
"225337477239938318092512696847063471231",
"240268363117548598694583663206840682139",
"175360371039478300745821723414195634275",
"148299451092371921587910108433738091137",
"293234896645820122893078975962676122940",
"120607951497944482535915401470695046926",
"24500187300963294506406053347578779775",
"120382343606477119430180789548071513465",
"124601925049855021241219928343722266093",
"79710592664835819722034568872925006341",
"18370188827889518747814720625761404816",
"175234065597820323714777761210863809454"
]
},
"target": {
"file": "lib/luks2/luks2_reencrypt.c"
},
"signature_version": "v1",
"id": "CVE-2021-4122-3f72d29f",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "137043537879747408395383187308486516470",
"length": 506.0
},
"target": {
"file": "lib/luks2/luks2_keyslot.c",
"function": "LUKS2_keyslot_area"
},
"signature_version": "v1",
"id": "CVE-2021-4122-4bbbf1c1",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "338166959967147955209234897669591738159",
"length": 679.0
},
"target": {
"file": "lib/luks2/luks2_reencrypt.c",
"function": "reencrypt_load"
},
"signature_version": "v1",
"id": "CVE-2021-4122-5f4af1e6",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "235269997061953916513679884419444083640",
"length": 563.0
},
"target": {
"file": "lib/setup.c",
"function": "_open_and_activate_luks2"
},
"signature_version": "v1",
"id": "CVE-2021-4122-63805ada",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "210288093199455164781477651976813875503",
"length": 1139.0
},
"target": {
"file": "lib/luks2/luks2_json_metadata.c",
"function": "LUKS2_config_set_requirements"
},
"signature_version": "v1",
"id": "CVE-2021-4122-639f4ffd",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "95505938889632888516216132268577428014",
"length": 4340.0
},
"target": {
"file": "lib/luks2/luks2_reencrypt.c",
"function": "reencrypt_init"
},
"signature_version": "v1",
"id": "CVE-2021-4122-764a6e11",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"282199074063632969436349940632856623192",
"303837865479555682342154663634542567614",
"134363837491737712141786229925894019870",
"256976157891017164809459992679687964043",
"182576869089759391629278990384034686538",
"307466094275546557692673559447694800834"
]
},
"target": {
"file": "lib/luks2/luks2_keyslot_reenc.c"
},
"signature_version": "v1",
"id": "CVE-2021-4122-76a4de7c",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "220868631105894576907179084446445356065",
"length": 708.0
},
"target": {
"file": "lib/luks2/luks2_reencrypt.c",
"function": "reencrypt_recovery"
},
"signature_version": "v1",
"id": "CVE-2021-4122-93e12c3f",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "321617772863065084398096143904109685690",
"length": 1690.0
},
"target": {
"file": "lib/setup.c",
"function": "_open_and_activate_reencrypt_device"
},
"signature_version": "v1",
"id": "CVE-2021-4122-a3836cd0",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "109013237094827113979040709763486976537",
"length": 3114.0
},
"target": {
"file": "lib/luks2/luks2_reencrypt.c",
"function": "reencrypt_step"
},
"signature_version": "v1",
"id": "CVE-2021-4122-a7636ebe",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "302011889753504769371368417191478394126",
"length": 1814.0
},
"target": {
"file": "lib/luks2/luks2_reencrypt.c",
"function": "crypt_reencrypt_run"
},
"signature_version": "v1",
"id": "CVE-2021-4122-a7d081f7",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "133909510209946210242231519014827053130",
"length": 1175.0
},
"target": {
"file": "lib/luks2/luks2_reencrypt.c",
"function": "reencrypt_keyslot_update"
},
"signature_version": "v1",
"id": "CVE-2021-4122-b8345a88",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "317439171003814763278752907044432103689",
"length": 278.0
},
"target": {
"file": "lib/luks2/luks2_json_metadata.c",
"function": "get_requirement_by_name"
},
"signature_version": "v1",
"id": "CVE-2021-4122-be0949d1",
"deprecated": false,
"source": "https://gitlab.com/cryptsetup/cryptsetup@0113ac2d889c5322659ad0596d4cfc6da53e356c",
"signature_type": "Function"
}
]