https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.4/v2.4.3-ReleaseNotes

"CVE-2021-4122 describes a possible attack against data confidentiality through LUKS2 online reencryption extension crash recovery. An attacker can modify on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step and persistently decrypt part of the LUKS device. This attack requires repeated physical access to the LUKS device but no knowledge of user passphrases."

Fixed in cryptsetup 2.4.3 and 2.3.7, please bump.
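A defender-side check for the condition the advisory describes, as an added example that is not part of the original report or of cryptsetup's own code: it reads LUKS2 JSON metadata (the form printed by `cryptsetup luksDump --dump-json-metadata` in 2.4.x) and lists every place where the header claims a reencryption is in progress. The sample metadata is constructed and abbreviated, and the function name is hypothetical.

```python
import json

# Constructed, abbreviated LUKS2 JSON metadata (illustration only).
SAMPLE_CLEAN = json.dumps({
    "keyslots": {"0": {"type": "luks2", "key_size": 64}},
    "segments": {"0": {"type": "crypt", "offset": "16777216", "size": "dynamic",
                       "encryption": "aes-xts-plain64"}},
    "config": {"json_size": "12288", "keyslots_size": "16744448"},
})
SAMPLE_IN_PROGRESS = json.dumps({
    "keyslots": {
        "0": {"type": "luks2", "key_size": 64},
        "1": {"type": "reencrypt", "mode": "decrypt", "direction": "forward"},
    },
    "segments": {
        "0": {"type": "linear", "offset": "16777216", "size": "1073741824"},
        "1": {"type": "crypt", "offset": "1090519040", "size": "dynamic",
              "encryption": "aes-xts-plain64", "flags": ["in-reencryption"]},
    },
    "config": {"json_size": "12288", "keyslots_size": "16744448",
               "requirements": {"mandatory": ["online-reencrypt"]}},
})


def reencryption_indicators(metadata_json):
    """List the places where a LUKS2 header claims reencryption is in progress."""
    md = json.loads(metadata_json)
    findings = []
    # Mandatory requirement set while online reencryption is unfinished
    # (prefix match also covers versioned variants of the flag).
    reqs = md.get("config", {}).get("requirements", {}).get("mandatory", [])
    findings += [f"requirement:{r}" for r in reqs if r.startswith("online-reencrypt")]
    # A keyslot of type "reencrypt" carries the mode: encrypt, decrypt or reencrypt.
    for slot, ks in sorted(md.get("keyslots", {}).items()):
        if ks.get("type") == "reencrypt":
            findings.append(f"keyslot:{slot}:mode={ks.get('mode', 'unknown')}")
    # Segments being converted are flagged "in-reencryption".
    for seg, body in sorted(md.get("segments", {}).items()):
        if "in-reencryption" in body.get("flags", []):
            findings.append(f"segment:{seg}:in-reencryption")
    return findings


if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("in-progress", SAMPLE_IN_PROGRESS)):
        hits = reencryption_indicators(sample)
        print(name, "->", hits or "no reencryption state in header")
```

A non-empty result is expected while an administrator-initiated reencryption is running; it warrants investigation only when nobody started one, and it does not replace upgrading to a fixed release.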
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16ff43bbd3fa6ac5f4998b1eabaecbeb0661f465

commit 16ff43bbd3fa6ac5f4998b1eabaecbeb0661f465
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-01-14 15:07:20 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-14 15:07:26 +0000

    sys-fs/cryptsetup: add 2.4.3

    Bug: https://bugs.gentoo.org/831157
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-fs/cryptsetup/Manifest                |   1 +
 sys-fs/cryptsetup/cryptsetup-2.4.3.ebuild | 136 ++++++++++++++++++++++++++++++
 2 files changed, 137 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e12bc0d444254ce100b1a422664ae2f7d3612745

commit e12bc0d444254ce100b1a422664ae2f7d3612745
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-01-14 15:07:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-14 15:07:25 +0000

    sys-fs/cryptsetup: add 2.3.7

    Bug: https://bugs.gentoo.org/831157
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-fs/cryptsetup/Manifest                |   1 +
 sys-fs/cryptsetup/cryptsetup-2.3.7.ebuild | 127 ++++++++++++++++++++++++++++++
 2 files changed, 128 insertions(+)
Please clean up.