ALAS2022-2022-174

Related Vulnerabilities: CVE-2021-4122  

Amazon Linux 2022 Security Advisory: ALAS-2022-174
Advisory Release Date: 2022-11-01 21:24 Pacific
Advisory Updated Date: 2022-11-03 21:01 Pacific
Severity: Medium
References: CVE-2021-4122 

Issue Overview:

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium. (CVE-2021-4122)


Affected Packages:

cryptsetup


Issue Correction:
Run dnf update cryptsetup --releasever=2022.0.20221102 to update your system.

New Packages:
aarch64:
    veritysetup-debuginfo-2.4.3-2.amzn2022.0.1.aarch64
    veritysetup-2.4.3-2.amzn2022.0.1.aarch64
    cryptsetup-libs-2.4.3-2.amzn2022.0.1.aarch64
    integritysetup-debuginfo-2.4.3-2.amzn2022.0.1.aarch64
    cryptsetup-devel-2.4.3-2.amzn2022.0.1.aarch64
    integritysetup-2.4.3-2.amzn2022.0.1.aarch64
    cryptsetup-ssh-token-debuginfo-2.4.3-2.amzn2022.0.1.aarch64
    cryptsetup-debugsource-2.4.3-2.amzn2022.0.1.aarch64
    cryptsetup-libs-debuginfo-2.4.3-2.amzn2022.0.1.aarch64
    cryptsetup-reencrypt-2.4.3-2.amzn2022.0.1.aarch64
    cryptsetup-debuginfo-2.4.3-2.amzn2022.0.1.aarch64
    cryptsetup-2.4.3-2.amzn2022.0.1.aarch64
    cryptsetup-reencrypt-debuginfo-2.4.3-2.amzn2022.0.1.aarch64
    cryptsetup-ssh-token-2.4.3-2.amzn2022.0.1.aarch64

i686:
    cryptsetup-libs-2.4.3-2.amzn2022.0.1.i686
    cryptsetup-libs-debuginfo-2.4.3-2.amzn2022.0.1.i686
    cryptsetup-debugsource-2.4.3-2.amzn2022.0.1.i686
    cryptsetup-2.4.3-2.amzn2022.0.1.i686
    cryptsetup-debuginfo-2.4.3-2.amzn2022.0.1.i686
    cryptsetup-reencrypt-2.4.3-2.amzn2022.0.1.i686
    cryptsetup-reencrypt-debuginfo-2.4.3-2.amzn2022.0.1.i686
    cryptsetup-devel-2.4.3-2.amzn2022.0.1.i686
    cryptsetup-ssh-token-2.4.3-2.amzn2022.0.1.i686
    cryptsetup-ssh-token-debuginfo-2.4.3-2.amzn2022.0.1.i686
    integritysetup-debuginfo-2.4.3-2.amzn2022.0.1.i686
    integritysetup-2.4.3-2.amzn2022.0.1.i686
    veritysetup-debuginfo-2.4.3-2.amzn2022.0.1.i686
    veritysetup-2.4.3-2.amzn2022.0.1.i686

src:
    cryptsetup-2.4.3-2.amzn2022.0.1.src

x86_64:
    cryptsetup-ssh-token-debuginfo-2.4.3-2.amzn2022.0.1.x86_64
    cryptsetup-libs-debuginfo-2.4.3-2.amzn2022.0.1.x86_64
    cryptsetup-libs-2.4.3-2.amzn2022.0.1.x86_64
    cryptsetup-reencrypt-debuginfo-2.4.3-2.amzn2022.0.1.x86_64
    integritysetup-debuginfo-2.4.3-2.amzn2022.0.1.x86_64
    cryptsetup-reencrypt-2.4.3-2.amzn2022.0.1.x86_64
    veritysetup-2.4.3-2.amzn2022.0.1.x86_64
    cryptsetup-debugsource-2.4.3-2.amzn2022.0.1.x86_64
    cryptsetup-devel-2.4.3-2.amzn2022.0.1.x86_64
    cryptsetup-2.4.3-2.amzn2022.0.1.x86_64
    veritysetup-debuginfo-2.4.3-2.amzn2022.0.1.x86_64
    cryptsetup-ssh-token-2.4.3-2.amzn2022.0.1.x86_64
    cryptsetup-debuginfo-2.4.3-2.amzn2022.0.1.x86_64
    integritysetup-2.4.3-2.amzn2022.0.1.x86_64
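
To confirm that the update from Issue Correction took effect, the installed packages can be compared against the fixed version-release in the list above. The following is an added example, not part of the original advisory: the function names and sample lines are constructed, the comparison is a simplified form of rpm's version ordering (no epoch, `~` or `^` handling), and the input is assumed to come from `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`.

```python
import re

# Fixed version-release, taken from the "New Packages" list in this advisory.
FIXED_EVR = "2.4.3-2.amzn2022.0.1"
# Binary package names from the advisory (debuginfo/debugsource packages omitted).
ADVISORY_PKGS = {"cryptsetup", "cryptsetup-libs", "cryptsetup-devel",
                 "cryptsetup-reencrypt", "cryptsetup-ssh-token",
                 "integritysetup", "veritysetup"}

def _segments(s):
    # Split into numeric and alphabetic runs; separators such as '.' are dropped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpm-style comparison of one version or release string."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric run is newer than alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings (epoch assumed absent)."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def unpatched(rpm_lines):
    """Return (name, version-release) for advisory packages older than FIXED_EVR."""
    found = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) == 2 and parts[0] in ADVISORY_PKGS:
            if evr_cmp(parts[1], FIXED_EVR) < 0:
                found.append((parts[0], parts[1]))
    return found

# Constructed sample of 'name version-release' lines, not real host output.
SAMPLE = ["cryptsetup 2.4.1-1.amzn2022.0.2",
          "cryptsetup-libs 2.4.3-2.amzn2022.0.1",
          "veritysetup 2.4.3-1.amzn2022",
          "openssl 3.0.5-1.amzn2022"]

if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print(f"{name} {evr} is older than {FIXED_EVR}")
```

An empty result means every listed package found on the host is at or above the fixed build; packages that are not installed are not reported.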