[pkg-cryptsetup-devel] Security issue (CVE-2021-4122) in cryptsetup 2:2.3.5-1
Christoph Anton Mitterer
calestyo at scientia.org
Thu Feb 10 15:52:19 GMT 2022
On Thu, 2022-02-10 at 16:36 +0100, Yves-Alexis Perez wrote:
> Thanks for the pointer. As far as I understand it, every time an attacker
> modifies the LUKS2 header and the device is activated (at boot for example) by
> the legitimate user, a hotzone can be decrypted (~3GiB with default LUKS2
> parameters). With repeated access one could decrypt the whole disk but it
> would be more visible.
Yes... and having a LUKS1 header doesn't protect, as that could be
converted (by the attacker) too.
Cheers,
Chris.
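
A check for the header modification discussed in this thread, as an added example that is not part of the original messages and is not cryptsetup code: it reads the JSON metadata from a LUKS2 header image and lists any reencryption state it carries, so that state nobody requested stands out before the device is activated. The field names (`online-reencrypt`, keyslot type `reencrypt`, the `in-reencryption` and `backup-*` segment flags) are taken from the LUKS2 on-disk format as an assumption, and both sample headers are constructed for the demo.

```python
import json
import struct

LUKS2_MAGIC = b"LUKS\xba\xbe"   # magic of the primary binary header
BIN_HDR_SIZE = 4096             # binary header size; the JSON area follows it

def parse_luks2_json(blob: bytes) -> dict:
    """Extract the JSON metadata area from a primary LUKS2 header image."""
    magic, version, hdr_size = struct.unpack(">6sHQ", blob[:16])
    if magic != LUKS2_MAGIC or version != 2:
        raise ValueError("not a primary LUKS2 header")
    area = blob[BIN_HDR_SIZE:hdr_size]          # NUL-padded JSON text
    return json.loads(area.split(b"\x00", 1)[0])

def reencryption_indicators(meta: dict) -> list:
    """Return findings showing that the header carries reencryption state."""
    found = []
    reqs = meta.get("config", {}).get("requirements", {}).get("mandatory", [])
    if "online-reencrypt" in reqs:
        found.append("requirement:online-reencrypt")
    for slot, ks in sorted(meta.get("keyslots", {}).items()):
        if ks.get("type") == "reencrypt":
            found.append(f"keyslot:{slot}:mode={ks.get('mode')}")
    for seg, s in sorted(meta.get("segments", {}).items()):
        for flag in s.get("flags", []):
            if flag == "in-reencryption" or flag.startswith("backup-"):
                found.append(f"segment:{seg}:{flag}")
    return found

def constructed_header(meta: dict) -> bytes:
    """Build a minimal header image for the demo (constructed, not a real dump)."""
    hdr_size = 16384
    binary = struct.pack(">6sHQ", LUKS2_MAGIC, 2, hdr_size).ljust(BIN_HDR_SIZE, b"\x00")
    return binary + json.dumps(meta).encode().ljust(hdr_size - BIN_HDR_SIZE, b"\x00")

# Constructed metadata: a plain header and one carrying reencryption state.
CLEAN = {"keyslots": {"0": {"type": "luks2"}},
         "segments": {"0": {"type": "crypt"}}, "config": {}}
REENCRYPT_STATE = {
    "keyslots": {"0": {"type": "luks2"}, "1": {"type": "reencrypt", "mode": "reencrypt"}},
    "segments": {"0": {"type": "crypt", "flags": ["in-reencryption"]},
                 "1": {"type": "crypt", "flags": ["backup-final"]}},
    "config": {"requirements": {"mandatory": ["online-reencrypt"]}}}

if __name__ == "__main__":
    for name, meta in (("clean", CLEAN), ("reencrypt-state", REENCRYPT_STATE)):
        print(name, reencryption_indicators(parse_luks2_json(constructed_header(meta))))
```

Any non-empty result on a device where no reencryption was started by its owner is worth investigating before unlocking it.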