Описание
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.
Отчет
Red Hat Enterprise Linux version 7 and older are not affected since they do not support online reencryption.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | cryptsetup | Not affected | ||
| Red Hat Enterprise Linux 9 | cryptsetup | Not affected | ||
| Red Hat Enterprise Linux 8 | cryptsetup | Fixed | RHSA-2022:0370 | 01.02.2022 |
| Red Hat Enterprise Linux 8 | cryptsetup | Fixed | RHSA-2022:0370 | 01.02.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.
It was found that a specially crafted LUKS header could trick cryptset ...
EPSS
5.9 Medium
CVSS3