Source: cryptsetup Severity: grave Tags: security upstream Justification: root security hole Control: found -1 2:2.3.5-1 Control: found -1 2:2.4.2-1 X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Quoting <https://seclists.org/oss-sec/2022/q1/34>: | CVE-2021-4122 describes a possible attack against data confidentiality | through LUKS2 online reencryption extension crash recovery. | | An attacker can modify on-disk metadata to simulate decryption in | progress with crashed (unfinished) reencryption step and persistently | decrypt part of the LUKS device. | | This attack requires repeated physical access to the LUKS device but | no knowledge of user passphrases. | | The decryption step is performed after a valid user activates | the device with a correct passphrase and modified metadata. | There are no visible warnings for the user that such recovery happened | (except using the luksDump command). The attack can also be reversed | afterward (simulating crashed encryption from a plaintext) with | possible modification of revealed plaintext. | […] | The issue was found by Milan Broz as cryptsetup maintainer. Upstream fixes: 2.3 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/60addcffa6794c29dccf33d8db5347f24b75f2fc 2.4 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/de98f011418c62e7b825a8ce3256e8fcdc84756e Buster and earlier are not affected since their respective (lib)cryptsetup don't support LUKS2 online reencryption. I'll provide a debdiff for bullseye-security. -- Guilhem.
signature.asc
Description: PGP signature