VDB

DEBIAN-CVE-2021-4122

DEBIAN-CVE-2021-4122 PUBLISHED CVSS 4.300000190734863 MEDIUM

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Debian:12cryptsetup0, 0, 0
Debian:13cryptsetup0, 0, 0
Debian:11cryptsetup0, 2:2.3.5-1+exp1, 2:2.3.7-1+deb11u1~bpo10+1
Debian:14cryptsetup0, 0, 0

Timeline

  • Aug 24, 2022 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›