Unrated severity · NVD Advisory · Published Aug 24, 2022 · Updated Aug 3, 2024
CVE-2021-4122
Description
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.
Affected products
- osv-coords (7 versions):
  - pkg:rpm/almalinux/cryptsetup-devel
  - pkg:rpm/opensuse/cryptsetup&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/opensuse/cryptsetup&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/varnish&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/suse/cryptsetup&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
  - pkg:rpm/suse/cryptsetup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
  - pkg:rpm/suse/varnish&distro=SUSE%20Package%20Hub%2015%20SP4
- (no CPE) range: < 2.3.3-4.el8_5.1
- (no CPE) range: < 2.3.7-150300.3.5.1
- (no CPE) range: < 2.4.3-1.1
- (no CPE) range: < 7.1.0-bp154.2.3.1
- (no CPE) range: < 2.3.7-150300.3.5.1
- (no CPE) range: < 2.3.7-150300.3.5.1
- (no CPE) range: < 7.1.0-bp154.2.3.1
References
- access.redhat.com/security/cve/CVE-2021-4122 (mitre, x_refsource_MISC)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_MISC)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_MISC)
- gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c (mitre, x_refsource_MISC)
- mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.4/v2.4.3-ReleaseNotes (mitre, x_refsource_MISC)