{"api_version":"1","generated_at":"2026-04-22T21:37:43+00:00","cve":"CVE-2021-4122","urls":{"html":"https://cve.report/CVE-2021-4122","api":"https://cve.report/api/cve/CVE-2021-4122.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-4122","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-4122"},"summary":{"title":"CVE-2021-4122","description":"It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-08-24 16:15:00","updated_at":"2022-08-29 14:28:00"},"problem_types":["CWE-345"],"metrics":[],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2021-4122","name":"https://access.redhat.com/security/cve/CVE-2021-4122","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.4/v2.4.3-ReleaseNotes","name":"https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.4/v2.4.3-ReleaseNotes","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2031859","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2031859","refsource":"MISC","tags":[],"title":"Bug Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c","name":"https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c","refsource":"MISC","tags":[],"title":"Fix CVE-2021-4122 - LUKS2 reencryption crash recovery attack (0113ac2d) · Commits · cryptsetup / cryptsetup · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2032401","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2032401","refsource":"MISC","tags":[],"title":"2032401 – (CVE-2021-4122) CVE-2021-4122 cryptsetup: disable encryption via header rewrite","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-4122","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4122","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"4122","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cryptsetup_project","cpe5":"cryptsetup","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-4122","qid":"159625","title":"Oracle Enterprise Linux Security Update for cryptsetup (ELSA-2022-0370)"},{"cve":"CVE-2021-4122","qid":"179063","title":"Debian Security Update for cryptsetup (DSA 5070-1)"},{"cve":"CVE-2021-4122","qid":"182753","title":"Debian Security Update for cryptsetup (CVE-2021-4122)"},{"cve":"CVE-2021-4122","qid":"198664","title":"Ubuntu Security Notification for cryptsetup Vulnerability (USN-5286-1)"},{"cve":"CVE-2021-4122","qid":"240053","title":"Red Hat Update for cryptsetup (RHSA-2022:0370)"},{"cve":"CVE-2021-4122","qid":"282245","title":"Fedora Security Update for cryptsetup (FEDORA-2022-40d0a8de5e)"},{"cve":"CVE-2021-4122","qid":"282290","title":"Fedora Security Update for cryptsetup (FEDORA-2022-61b55b6ebc)"},{"cve":"CVE-2021-4122","qid":"354309","title":"Amazon Linux Security Advisory for cryptsetup : ALAS2022-2022-174"},{"cve":"CVE-2021-4122","qid":"354362","title":"Amazon Linux Security Advisory for cryptsetup : ALAS2022-2022-064"},{"cve":"CVE-2021-4122","qid":"355258","title":"Amazon Linux Security Advisory for cryptsetup : ALAS2023-2023-027"},{"cve":"CVE-2021-4122","qid":"377364","title":"Alibaba Cloud Linux Security Update for cryptsetup (ALINUX3-SA-2022:0008)"},{"cve":"CVE-2021-4122","qid":"500106","title":"Alpine Linux Security Update for cryptsetup"},{"cve":"CVE-2021-4122","qid":"501952","title":"Alpine Linux Security Update for cryptsetup"},{"cve":"CVE-2021-4122","qid":"503884","title":"Alpine Linux Security Update for cryptsetup"},{"cve":"CVE-2021-4122","qid":"591406","title":"Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)"},{"cve":"CVE-2021-4122","qid":"672118","title":"EulerOS Security Update for cryptsetup (EulerOS-SA-2022-2308)"},{"cve":"CVE-2021-4122","qid":"672145","title":"EulerOS Security Update for cryptsetup (EulerOS-SA-2022-2411)"},{"cve":"CVE-2021-4122","qid":"672175","title":"EulerOS Security Update for cryptsetup (EulerOS-SA-2022-2424)"},{"cve":"CVE-2021-4122","qid":"672482","title":"EulerOS Security Update for cryptsetup (EulerOS-SA-2023-1029)"},{"cve":"CVE-2021-4122","qid":"672518","title":"EulerOS Security Update for cryptsetup (EulerOS-SA-2023-1004)"},{"cve":"CVE-2021-4122","qid":"751628","title":"OpenSUSE Security Update for cryptsetup (openSUSE-SU-2022:0144-1)"},{"cve":"CVE-2021-4122","qid":"752012","title":"SUSE Enterprise Linux Security Update for cryptsetup (SUSE-SU-2022:0144-1)"},{"cve":"CVE-2021-4122","qid":"903769","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for cryptsetup (10697)"},{"cve":"CVE-2021-4122","qid":"904193","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for cryptsetup (10697-1)"},{"cve":"CVE-2021-4122","qid":"940447","title":"AlmaLinux Security Update for cryptsetup (ALSA-2022:0370)"},{"cve":"CVE-2021-4122","qid":"960108","title":"Rocky Linux Security Update for cryptsetup (RLSA-2022:370)"},{"cve":"CVE-2021-4122","qid":"960790","title":"Rocky Linux Security Update for cryptsetup (RLSA-2022:0370)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-4122","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"cryptsetup","version":{"version_data":[{"version_value":"Fixed in cryptsetup 2.4.3, cryptsetup 2.3.7"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-345 - Insufficient Verification of Data Authenticity"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2031859","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2031859"},{"refsource":"MISC","name":"https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.4/v2.4.3-ReleaseNotes","url":"https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.4/v2.4.3-ReleaseNotes"},{"refsource":"MISC","name":"https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c","url":"https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c"},{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2032401","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2032401"},{"refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2021-4122","url":"https://access.redhat.com/security/cve/CVE-2021-4122"}]},"description":{"description_data":[{"lang":"eng","value":"It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium."}]}},"nvd":{"publishedDate":"2022-08-24 16:15:00","lastModifiedDate":"2022-08-29 14:28:00","problem_types":["CWE-345"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.7,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cryptsetup_project:cryptsetup:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndExcluding":"2.4.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cryptsetup_project:cryptsetup:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.7","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"4122","Ordinal":"223065","Title":"CVE-2021-4122","CVE":"CVE-2021-4122","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"4122","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}