| Vulnerability Name: | CVE-2021-4122 (CCN-217238) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2021-12-15 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Published: | 2022-01-13 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Updated: | 2022-08-29 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Summary: | It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) 3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
5.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:N)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-345 CWE-349 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-4122 Source: MISC Type: Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-4122 Source: MISC Type: Permissions Required, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=2031859 Source: MISC Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=2032401 Source: XF Type: UNKNOWN cryptsetup-cve20214122-info-disc(217238) Source: CCN Type: Cryptsetup GIT Repository Cryptsetup Source: MISC Type: Patch, Third Party Advisory https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c Source: MISC Type: Release Notes, Vendor Advisory https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.4/v2.4.3-ReleaseNotes Source: CCN Type: oss-sec Mailing List, Thu, 13 Jan 2022 11:10:00 +0100 CVE-2021-4122: cryptsetup 2.x: decryption through LUKS2 reencryption crash recovery Source: CCN Type: IBM Security Bulletin 6594459 (Netcool Operations Insight) Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities. Source: CCN Type: IBM Security Bulletin 6614453 (Robotic Process Automation for Cloud Pak) Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Source: CCN Type: IBM Security Bulletin 6832956 (Cloud Pak for Security) IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities Source: CCN Type: IBM Security Bulletin 6856409 (Cloud Pak for Security) IBM Cloud Pak for Security includes components with multiple known vulnerabilities | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||