LUKS2 is an on-disk format for disk-encryption configuration on Linux systems; cryptsetup is the tool used to configure it.
LUKS2 online reencryption is an optional extension that lets a user change the key the data is encrypted with while the data device remains available for use throughout the reencryption process.
CVE-2021-4122 describes a possible attack on data confidentiality through the crash-recovery path of the LUKS2 online reencryption extension.
An attacker can modify the on-disk metadata to simulate a decryption in progress with a crashed (unfinished) reencryption step, so that crash recovery persistently decrypts part of the LUKS device.
The attack requires repeated physical access to the LUKS device but no knowledge of any user passphrase.
CVE-2021-4122: cryptsetup 2.x: decryption through LUKS2 reencryption crash recovery
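A defender's check for the header state this attack relies on, added here as an example and not cryptsetup's own code: it parses `cryptsetup luksDump` output and flags a header that records an in-progress online reencryption, which on a device nobody deliberately reencrypted deserves inspection before the device is opened. The luksDump layout it parses (a `Requirements:` line, keyslots listed as `<n>: <type>` under `Keyslots:`), the sample dump and the device path are assumptions, not taken from the advisory.

```shell
#!/bin/sh
# Added example, not cryptsetup project code: report LUKS2 headers whose
# metadata claims an online reencryption is in progress (the state that
# CVE-2021-4122 abuses). Assumed luksDump layout, not stated in the advisory:
# a "Requirements:" line and keyslots listed as "<n>: <type>".

# Reads luksDump output on stdin; returns 0 when no reencryption state is
# recorded, 1 when a reencrypt keyslot or online-reencrypt requirement exists.
check_luks_dump() {
    dump=$(cat)
    findings=""
    req=$(printf '%s\n' "$dump" | awk -F: '/^Requirements:/ { sub(/^[ \t]+/, "", $2); print $2; exit }')
    case "$req" in
        *online-reencrypt*) findings="requirement '$req'" ;;
    esac
    # Keyslot lines look like "  2: reencrypt (unbound)"; the section ends at
    # the next top-level heading ("Tokens:", "Digests:", ...).
    slots=$(printf '%s\n' "$dump" | awk '
        /^Keyslots:/ { in_slots = 1; next }
        /^[A-Za-z]/ { in_slots = 0 }
        in_slots && $2 == "reencrypt" { sub(/:$/, "", $1); printf "%s ", $1 }')
    if [ -n "$slots" ]; then
        findings="${findings:+$findings; }reencrypt keyslot(s): $slots"
    fi
    if [ -n "$findings" ]; then
        echo "reencryption state present: $findings"
        return 1
    fi
    echo "no reencryption state recorded"
    return 0
}

# Wrapper for a real device (needs root), e.g. check_luks_device /dev/sda2
check_luks_device() {
    cryptsetup luksDump "$1" | check_luks_dump
}

# Constructed sample, not captured from a real device: keyslot 2 is of type
# reencrypt and the matching requirement flag is set.
SAMPLE_DUMP='LUKS header information
Version:        2
Requirements:   online-reencrypt-v2

Keyslots:
  0: luks2
  2: reencrypt (unbound)
        Key:        8 bits
Tokens:
Digests:
  0: pbkdf2'
printf '%s\n' "$SAMPLE_DUMP" | check_luks_dump || echo "(exit status $?)"
```

Run `check_luks_device` over every LUKS2 device after an unexplained reboot or whenever the device has been out of your custody; a non-zero exit is the signal to compare the header with a trusted backup before opening the device.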