PublicDateAtUSN: 2022-01-13
Candidate: CVE-2021-4122
CRD: 2022-01-13
PublicDate: 2022-01-13
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4122
 https://www.openwall.com/lists/oss-security/2022/01/13/2
 https://ubuntu.com/security/notices/USN-5286-1
Description:
 decryption through LUKS2 reencryption crash recovery
Ubuntu-Description:
Notes:
 amurray| Vulnerability is in the online re-encryption feature which is only supported by cryptsetup >= 2.2.0
 mdeslaur> per upstream, the backport to 2.2 would be very problematic and
 mdeslaur> it is suggested that the best option is to disable online
 mdeslaur> reencryption
Mitigation:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003686
 https://bugzilla.redhat.com/show_bug.cgi?id=2032401
 https://bugs.launchpad.net/bugs/1959427
Priority: medium
Discovered-by: Milan Broz
Assigned-to: mdeslaur
CVSS:
 redhat: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N [5.9 MEDIUM]

Patches_cryptsetup:
 upstream: https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c (master)
 upstream: https://gitlab.com/cryptsetup/cryptsetup/-/commit/de98f011418c62e7b825a8ce3256e8fcdc84756e (v2.4)
 upstream: https://gitlab.com/cryptsetup/cryptsetup/-/commit/60addcffa6794c29dccf33d8db5347f24b75f2fc (v2.3)
 upstream: https://gitlab.com/cryptsetup/cryptsetup/-/commit/0fd1c62de9c53958a8ef5d436273284e166254c9 (v2.2 disable)
upstream_cryptsetup: released (2.4.3,2.3.7)
trusty/esm_cryptsetup: not-affected (code not present)
esm-infra/xenial_cryptsetup: not-affected (code not present)
bionic_cryptsetup: not-affected (code not present)
focal_cryptsetup: released (2:2.2.2-3ubuntu2.4)
hirsute_cryptsetup: ignored (reached end-of-life)
impish_cryptsetup: released (2:2.3.7-0ubuntu0.21.10.1)
jammy_cryptsetup: released (2:2.4.3-1ubuntu1)
devel_cryptsetup: released (2:2.4.3-1ubuntu1)