so.cl

CVE-2021-4122 - cryptsetup 2.x: Decryption through LUKS2 reencryption crash recovery

LUKS2 is an on-disk format for disk-encryption metadata; cryptsetup is the tool used to configure it on Linux systems.

LUKS2 online reencryption is an optional extension that lets a user change the data encryption key (reencrypting the data) while the data device remains available for use during the whole reencryption process.

CVE-2021-4122 describes a possible attack against data confidentiality through the crash-recovery path of the LUKS2 online reencryption extension.

An attacker can modify the on-disk metadata to simulate a decryption in progress with a crashed (unfinished) reencryption step, and thereby persistently decrypt part of the LUKS device.

This attack requires repeated physical access to the LUKS device but no knowledge of user passphrases.
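As an added, defender-side example (not code from cryptsetup or from the advisory), the following Python parses keyslot metadata in the shape of `cryptsetup luksDump` output and flags any reencryption keyslot, since a pending "decrypt" operation that the device owner never started is the state this attack relies on. The sample dump is constructed, and the dump layout the parser expects is an assumption, not something quoted from the page.

```python
"""Flag a LUKS2 header that carries a pending reencryption operation.
Added example, not cryptsetup project code: it parses text shaped like
`cryptsetup luksDump` output, whose layout here is an assumption, and
SAMPLE_DUMP is a constructed sample rather than a dump of a real device."""
import re

# Constructed: slot 0 is a normal keyslot, slot 1 is an unbound reencryption
# keyslot claiming that a decryption is in progress.
SAMPLE_DUMP = """\
Version:        2

Keyslots:
  0: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
  1: reencrypt (unbound)
        Key:        8 bits
        Mode:       decrypt
        Resilience: checksum
"""

KEYSLOT_HDR = re.compile(r"^ {2}(\d+): (\S+)(.*)$")  # "  1: reencrypt (unbound)"
FIELD = re.compile(r"^\s+([A-Za-z ]+?):\s*(.*)$")    # "        Mode:       decrypt"


def parse_keyslots(dump: str) -> dict:
    """Return {slot_id: {'type', 'flags', <field>: value}} from the Keyslots block."""
    slots, current, in_block = {}, None, False
    for line in dump.splitlines():
        if line.startswith("Keyslots:"):
            in_block = True
            continue
        if in_block and line and not line[0].isspace():  # next top-level section
            break
        m = KEYSLOT_HDR.match(line) if in_block else None
        if m:
            current = {"type": m.group(2), "flags": m.group(3).strip()}
            slots[int(m.group(1))] = current
            continue
        m = FIELD.match(line) if in_block and current is not None else None
        if m:
            current[m.group(1).lower()] = m.group(2).strip()
    return slots


def pending_reencryption(dump: str) -> list:
    """(slot_id, mode) for every 'reencrypt' keyslot: activation would run crash
    recovery on it, so a 'decrypt' slot the owner never created needs investigation."""
    return [(sid, s.get("mode", "?")) for sid, s in parse_keyslots(dump).items()
            if s["type"] == "reencrypt"]
```

On a real system the input would be the text of `cryptsetup luksDump <device>` captured before activation; an unexpected result from `pending_reencryption` is a reason not to activate the device until the header has been examined.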
