{"id":"USN-5286-1","summary":"cryptsetup vulnerability","details":"Milan Broz discovered that cryptsetup incorrectly handled LUKS2\nreencryption recovery. An attacker with physical access to modify the\nencrypted device header may trigger the device to be unencrypted the next\ntime it is mounted by the user.\n\nOn Ubuntu 20.04 LTS, this issue was fixed by disabling the online\nreencryption feature.\n","modified":"2026-02-10T04:42:28Z","published":"2022-02-15T15:20:44Z","related":["UBUNTU-CVE-2021-4122"],"upstream":["CVE-2021-4122","UBUNTU-CVE-2021-4122"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5286-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-4122"}],"affected":[{"package":{"name":"cryptsetup","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/cryptsetup@2:2.2.2-3ubuntu2.4?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.2.2-3ubuntu2.4"}]}],"versions":["2:2.2.0-3ubuntu1","2:2.2.1-1ubuntu1","2:2.2.2-1ubuntu1","2:2.2.2-2ubuntu1","2:2.2.2-3ubuntu1","2:2.2.2-3ubuntu2","2:2.2.2-3ubuntu2.2","2:2.2.2-3ubuntu2.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2:2.2.2-3ubuntu2.4","binary_name":"cryptsetup"},{"binary_version":"2:2.2.2-3ubuntu2.4","binary_name":"cryptsetup-bin"},{"binary_version":"2:2.2.2-3ubuntu2.4","binary_name":"cryptsetup-initramfs"},{"binary_version":"2:2.2.2-3ubuntu2.4","binary_name":"cryptsetup-run"},{"binary_version":"2:2.2.2-3ubuntu2.4","binary_name":"libcryptsetup-dev"},{"binary_version":"2:2.2.2-3ubuntu2.4","binary_name":"libcryptsetup12"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5286-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2021-4122"}],"ecosystem":"Ubuntu:20.04:LTS"}}}],"schema_version":"1.7.3"}