CVE-2021-4122

Description

A specially crafted LUKS2 header can make cryptsetup believe the device is in the middle of an interrupted online reencryption whose target is plain (unencrypted) data. When the device is next opened, cryptsetup's recovery path resumes that operation and decrypts the data in place, permanently removing the encryption layer. An attacker with physical access to the medium, such as a flash disk, only needs to rewrite the header; no passphrase is required, because the legitimate user's own unlock triggers the recovery that finishes the job.
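The following is an added triage check, not cryptsetup code and not part of this advisory. It inspects the LUKS2 JSON metadata of a device, as printed by `cryptsetup luksDump --dump-json-metadata <device>` (assumed invocation), and flags the state this flaw fabricates: a `reencrypt` keyslot in `decrypt` mode together with an `online-reencrypt` requirement. The field names follow the LUKS2 JSON layout as this example assumes it, and the two embedded headers are constructed samples. A hit is a reason to stop and verify before opening the device on an unpatched host, not proof of tampering, since a genuinely interrupted `cryptsetup reencrypt --decrypt` leaves the same markers; the actual fix is the vendor update.

```python
"""Flag LUKS2 metadata that claims an in-place decryption is in progress.

Added illustration for CVE-2021-4122; not part of cryptsetup.
"""
import json

# Constructed samples, not dumps of real devices. Layout assumed: keyslots
# keyed by id with a "type"; reencrypt keyslots carry "mode"/"direction";
# config.requirements.mandatory lists header requirement flags.
CLEAN_METADATA = json.dumps({
    "keyslots": {"0": {"type": "luks2"}},
    "config": {"requirements": {"mandatory": []}},
})

TAMPERED_METADATA = json.dumps({
    "keyslots": {
        "0": {"type": "luks2"},
        # The forged state: "decrypt" means the target of the resumed
        # operation is plaintext, so recovery strips the encryption.
        "1": {"type": "reencrypt", "mode": "decrypt", "direction": "forward"},
    },
    "config": {"requirements": {"mandatory": ["online-reencrypt-v2"]}},
})


def analyze_reencryption_state(metadata_json):
    """Summarise any reencryption state recorded in a LUKS2 header dump."""
    meta = json.loads(metadata_json)
    reencrypt_slots = [
        (slot_id, slot.get("mode", "unknown"), slot.get("direction", "unknown"))
        for slot_id, slot in meta.get("keyslots", {}).items()
        if slot.get("type") == "reencrypt"
    ]
    mandatory = meta.get("config", {}).get("requirements", {}).get("mandatory", [])
    reencrypt_reqs = [r for r in mandatory if r.startswith("online-reencrypt")]
    return {
        "reencrypt_keyslots": reencrypt_slots,
        "reencrypt_requirements": reencrypt_reqs,
        "decrypt_in_progress": any(mode == "decrypt" for _, mode, _ in reencrypt_slots),
        "reencryption_recorded": bool(reencrypt_slots or reencrypt_reqs),
    }


def verdict(metadata_json, expected_reencryption=False):
    """Map the analysis to an operator decision.

    Pass expected_reencryption=True only if you know this device was in the
    middle of a reencryption you started yourself.
    """
    state = analyze_reencryption_state(metadata_json)
    if not state["reencryption_recorded"]:
        return "ok: no reencryption state in header"
    if expected_reencryption:
        return "ok: reencryption state present and expected"
    if state["decrypt_in_progress"]:
        return ("suspicious: header claims decryption in progress; do not open "
                "this device with an unpatched cryptsetup, recovery would "
                "finish removing the encryption")
    return "warning: unexpected reencryption state, inspect before opening"


if __name__ == "__main__":
    import subprocess
    import sys

    if len(sys.argv) == 2:
        # Real use: dump the header of the device given on the command line
        # (assumed invocation; requires root and a LUKS2 device).
        dump = subprocess.run(
            ["cryptsetup", "luksDump", "--dump-json-metadata", sys.argv[1]],
            check=True, capture_output=True, text=True,
        ).stdout
        print(verdict(dump))
    else:
        for name, sample in (("clean", CLEAN_METADATA), ("tampered", TAMPERED_METADATA)):
            print(f"{name}: {verdict(sample)}")
```

Run it with no arguments to see both constructed samples classified, or with a device path to check a real header. The check reads metadata only; it never opens the device, which is exactly what must not happen on an unpatched system until the header has been verified.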

Statement

Red Hat Enterprise Linux 7 and earlier are not affected: their cryptsetup does not support LUKS2 online reencryption, so the recovery code path this flaw abuses is not present.

Additional Information

  • Bugzilla 2032401: CVE-2021-4122 cryptsetup: disable encryption via header rewrite
  • CWE-345: Insufficient Verification of Data Authenticity
  • FAQ: Frequently asked questions about CVE-2021-4122