CVE-2021-4122: cryptsetup 2.x: decryption through LUKS2 reencryption crash recovery

Related Vulnerabilities: CVE-2021-4122  

Debian Bug report logs - #1003686
CVE-2021-4122: cryptsetup 2.x: decryption through LUKS2 reencryption crash recovery


Reported by: Guilhem Moulin <guilhem@debian.org>

Date: Thu, 13 Jan 2022 18:03:02 UTC

Severity: grave

Tags: security, upstream

Merged with 1003685

Found in versions cryptsetup/2:2.3.5-1, cryptsetup/2:2.4.2-1

Fixed in version cryptsetup/2:2.4.3-1

Done: Guilhem Moulin <guilhem@debian.org>



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>:
Bug#1003686; Package src:cryptsetup. (Thu, 13 Jan 2022 18:03:04 GMT)


Acknowledgement sent to Guilhem Moulin <guilhem@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>. (Thu, 13 Jan 2022 18:03:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Guilhem Moulin <guilhem@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2021-4122: cryptsetup 2.x: decryption through LUKS2 reencryption crash recovery
Date: Thu, 13 Jan 2022 19:00:13 +0100
[Message part 1 (text/plain, inline)]
Source: cryptsetup
Severity: grave
Tags: security upstream
Justification: root security hole
Control: found -1 2:2.3.5-1
Control: found -1 2:2.4.2-1
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Quoting <https://seclists.org/oss-sec/2022/q1/34>:

| CVE-2021-4122 describes a possible attack against data confidentiality
| through LUKS2 online reencryption extension crash recovery.
| 
| An attacker can modify on-disk metadata to simulate decryption in
| progress with crashed (unfinished) reencryption step and persistently
| decrypt part of the LUKS device.
| 
| This attack requires repeated physical access to the LUKS device but
| no knowledge of user passphrases.
| 
| The decryption step is performed after a valid user activates
| the device with a correct passphrase and modified metadata.
| There are no visible warnings for the user that such recovery happened
| (except using the luksDump command). The attack can also be reversed
| afterward (simulating crashed encryption from a plaintext) with
| possible modification of revealed plaintext.
| […]
| The issue was found by Milan Broz as cryptsetup maintainer.

Upstream fixes:

  2.3 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/60addcffa6794c29dccf33d8db5347f24b75f2fc
  2.4 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/de98f011418c62e7b825a8ce3256e8fcdc84756e

Buster and earlier are not affected since their respective
(lib)cryptsetup don't support LUKS2 online reencryption.  I'll provide a
debdiff for bullseye-security.

-- 
Guilhem.
[signature.asc (application/pgp-signature, inline)]
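A practitioner's check to go with the quoted advisory, added here as an example and not part of the bug report, of the oss-sec post or of cryptsetup itself: the decryption step only runs once a legitimate user activates the device, and the advisory says the only visible trace beforehand is in luksDump. The script below scans `cryptsetup luksDump` output for the two things a simulated crashed reencryption leaves in a LUKS2 header, the `online-reencrypt` requirement flag and a keyslot of type `reencrypt` with its `Mode:` (encrypt, decrypt or reencrypt), so the device can be refused activation until someone has looked at the header. The field names are my recollection of the cryptsetup 2.x dump format, not something the report states; the three sample dumps are constructed, with made-up UUIDs and offsets, and `check_device` assumes root and a working `cryptsetup` binary and is not exercised by them.

```shell
#!/bin/sh
# Added example (not from the bug report or from cryptsetup): flag a LUKS2
# header that records a reencryption "in progress" BEFORE the device is
# activated, since activation is what triggers the crash-recovery step.
# Assumed luksDump layout (from memory of cryptsetup 2.x, not from the report):
#   - the header section prints "Version:" and, when any are set, "Requirements:"
#   - a pending reencryption is a keyslot of type "reencrypt" with a "Mode:" line

# luks2_reencrypt_pending FILE   (FILE = saved `cryptsetup luksDump <dev>` output)
#   returns 0: pending reencryption recorded (details printed)
#           1: nothing pending
#           2: not a LUKS2 header (LUKS1 has no online reencryption at all)
luks2_reencrypt_pending() {
    dump=$1
    grep -q '^Version:[[:space:]]*2$' "$dump" || return 2
    pending=1
    if grep -q '^Requirements:.*online-reencrypt' "$dump"; then
        echo "header requirement: $(grep '^Requirements:' "$dump")"
        pending=0
    fi
    # keyslot header lines look like "  1: reencrypt (unbound)"
    slot=$(grep -E '^[[:space:]]*[0-9]+:[[:space:]]+reencrypt' "$dump" | head -n 1)
    if [ -n "$slot" ]; then
        mode=$(sed -n 's/^[[:space:]]*Mode:[[:space:]]*//p' "$dump" | head -n 1)
        echo "reencrypt keyslot: $(echo "$slot" | sed 's/^[[:space:]]*//') (mode: ${mode:-unknown})"
        pending=0
    fi
    return $pending
}

# check_device DEVICE: same check against a real device (root + cryptsetup needed)
check_device() {
    tmp=$(mktemp) || return 2
    cryptsetup luksDump "$1" > "$tmp" || { rm -f "$tmp"; return 2; }
    luks2_reencrypt_pending "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed dump (not a real device): metadata rewritten the way the advisory
# describes, a "decrypt" step left unfinished so recovery would decrypt on activation.
sample_tampered() {
cat <<'EOF'
LUKS header information
Version:        2
Epoch:          9
UUID:           00000000-0000-4000-8000-000000000001
Flags:          (no flags)
Requirements:   online-reencrypt

Data segments:
  0: linear
        offset: 16777216 [bytes]
        length: 1073741824 [bytes]
  1: crypt
        offset: 1090519040 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64

Keyslots:
  0: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
  1: reencrypt (unbound)
        Key:        8 bits
        Mode:       decrypt
        Direction:  forward
        Resilience: checksum
EOF
}

# Constructed dump: untouched LUKS2 header.
sample_clean() {
cat <<'EOF'
LUKS header information
Version:        2
Epoch:          3
UUID:           00000000-0000-4000-8000-000000000002
Flags:          (no flags)

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64

Keyslots:
  0: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
EOF
}

# Constructed dump: LUKS1 header, out of scope for this check.
sample_luks1() {
cat <<'EOF'
LUKS header information for /dev/loop0

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
EOF
}

demo() {
    dir=$(mktemp -d) || return 2
    sample_tampered > "$dir/tampered"; sample_clean > "$dir/clean"; sample_luks1 > "$dir/luks1"
    for f in tampered clean luks1; do
        rc=0; luks2_reencrypt_pending "$dir/$f" || rc=$?
        case $rc in
            0) echo "$f: reencryption pending; inspect the header before activating" ;;
            1) echo "$f: nothing pending" ;;
            *) echo "$f: not a LUKS2 header" ;;
        esac
    done
    rm -rf "$dir"
}
demo
```

A hit is not proof of tampering: a reencryption the owner started and that was genuinely interrupted looks the same, so treat the output as a prompt to compare the header against a known-good copy (kept with `cryptsetup luksHeaderBackup`) rather than as a verdict. It also only helps before activation: by the advisory's description, the reversal step (a simulated crashed encryption from the plaintext) would show up the same way before the next unlock, but once it has run nothing is left to find. The fixed packages (2.4.3 upstream, 2:2.4.3-1 in Debian) are the actual remedy.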

Marked as found in versions cryptsetup/2:2.3.5-1. Request was from Guilhem Moulin <guilhem@debian.org> to submit@bugs.debian.org. (Thu, 13 Jan 2022 18:03:04 GMT)


Marked as found in versions cryptsetup/2:2.4.2-1. Request was from Guilhem Moulin <guilhem@debian.org> to submit@bugs.debian.org. (Thu, 13 Jan 2022 18:03:04 GMT)


Merged 1003685 1003686. Request was from Christoph Anton Mitterer <calestyo@scientia.org> to control@bugs.debian.org. (Thu, 13 Jan 2022 18:33:04 GMT)


Message #12 received at 1003685-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1003685-close@bugs.debian.org
Subject: Bug#1003685: fixed in cryptsetup 2:2.4.3-1
Date: Thu, 13 Jan 2022 18:50:05 +0000
Source: cryptsetup
Source-Version: 2:2.4.3-1
Done: Guilhem Moulin <guilhem@debian.org>

We believe that the bug you reported is fixed in the latest version of
cryptsetup, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1003685@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilhem Moulin <guilhem@debian.org> (supplier of updated cryptsetup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 13 Jan 2022 19:07:05 +0100
Source: cryptsetup
Architecture: source
Version: 2:2.4.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1001063 1003685 1003686
Changes:
 cryptsetup (2:2.4.3-1) unstable; urgency=high
 .
   [ Guilhem Moulin ]
   * New upstream security release 2.4.3, with fix for CVE-2021-4122:
     decryption through LUKS2 reencryption crash recovery. (Closes: #1003685,
     #1003686)
   * Remove cryptsetup-initramfs.preinst. (Closes: #1001063)
 .
   [ Christoph Anton Mitterer ]
   * d/rules: don't expand here-document.
Checksums-Sha1:
 7b0e47c9d6b2919d1fcfc531a0e9b82ab79e17ec 3008 cryptsetup_2.4.3-1.dsc
 a35acf0d69229888089f31ad9b56ad3ea96b902b 11434956 cryptsetup_2.4.3.orig.tar.gz
 f4eaf016918c644346cd9242818f57156d4d07e9 127364 cryptsetup_2.4.3-1.debian.tar.xz
 2352fee4f22b11355ecbcfd33b8ed2aa89eeee53 10383 cryptsetup_2.4.3-1_amd64.buildinfo
Checksums-Sha256:
 cfaeab454ad8f8745ab9972a577363bf8e4c187e19135b24ab4719345989ce7e 3008 cryptsetup_2.4.3-1.dsc
 95ee4ec84d59e582eba2409281d8a41a1cc3eff3b4df91fed6dbe1df65b0614f 11434956 cryptsetup_2.4.3.orig.tar.gz
 e0ae663b539bf76b914ddee7b0b96a5d817b2e1db0655e6034955514075affc2 127364 cryptsetup_2.4.3-1.debian.tar.xz
 37f442c3f15fd883dce8025568d0c96a6fe5b8ab925a753065b378a347afa97b 10383 cryptsetup_2.4.3-1_amd64.buildinfo
Files:
 2d9ba9aca62e7b3ed88e713ff2326434 3008 admin optional cryptsetup_2.4.3-1.dsc
 d6f5b44b4a775980c7f57b029e878cfd 11434956 admin optional cryptsetup_2.4.3.orig.tar.gz
 a3bcb368c9ac84959c21a5212e461c40 127364 admin optional cryptsetup_2.4.3-1.debian.tar.xz
 8cf3f0e2c7e5ea789b2764b8421d125f 10383 admin optional cryptsetup_2.4.3-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Reply sent to Guilhem Moulin <guilhem@debian.org>:
You have taken responsibility. (Thu, 13 Jan 2022 18:54:07 GMT)


Notification sent to Guilhem Moulin <guilhem@debian.org>:
Bug acknowledged by developer. (Thu, 13 Jan 2022 18:54:08 GMT)


Message #17 received at 1003686-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1003686-close@bugs.debian.org
Subject: Bug#1003686: fixed in cryptsetup 2:2.4.3-1
Date: Thu, 13 Jan 2022 18:50:05 +0000
Source: cryptsetup
Source-Version: 2:2.4.3-1
Done: Guilhem Moulin <guilhem@debian.org>

We believe that the bug you reported is fixed in the latest version of
cryptsetup, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1003686@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilhem Moulin <guilhem@debian.org> (supplier of updated cryptsetup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)






Reply sent to Guilhem Moulin <guilhem@debian.org>:
You have taken responsibility. (Thu, 13 Jan 2022 18:54:08 GMT)


Notification sent to Christoph Anton Mitterer <calestyo@scientia.org>:
Bug acknowledged by developer. (Thu, 13 Jan 2022 18:54:08 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jan 14 16:11:01 2022; Machine Name: buxtehude
