Vulnerability in cryptsetup that allows encryption to be disabled on LUKS2 partitions

A vulnerability (CVE-2021-4122) has been identified in the cryptsetup package, which is used to encrypt disk partitions in Linux. By modifying metadata, it allows encryption to be disabled on partitions in the LUKS2 (Linux Unified Key Setup) format. To exploit the vulnerability, the attacker must have physical access to the encrypted medium, i.e. the method makes sense mainly for attacks on encrypted external drives, such as flash drives, to which the attacker has access but for which they do not know the decryption password.

The attack applies only to the LUKS2 format and relies on manipulating the metadata responsible for activating the “online reencryption” extension, which, when the access key needs to be changed, allows the data to be reencrypted on the fly without stopping work with the partition. Since decrypting and encrypting with a new key takes a long time, “online reencryption” makes it possible not to interrupt work with the partition and to perform the reencryption in the background, gradually converting data from one key to another. It is also possible to select an empty target key, which converts the partition to decrypted form.

An attacker can modify the LUKS2 metadata to simulate a decryption operation that was interrupted abnormally by a failure, and thereby get part of the partition decrypted after the owner activates and uses the modified drive. The user who connects the modified drive and unlocks it with the correct password receives no warning that recovery of the interrupted operation is being performed, and can learn about the progress of this operation only by using the luksDump command. The amount of data an attacker can get decrypted depends on the size of the LUKS2 header, but at the default size (16 MiB) it may exceed 3 GB.

The problem is caused by the fact that, although reencryption requires calculating and checking hashes of the new and old keys, no hash is required to begin decryption if the new state implies the absence of an encryption key (plaintext). In addition, the LUKS2 metadata that specifies the encryption algorithm is not protected from modification if the drive falls into an attacker's hands. To block the vulnerability, the developers added extra metadata protection to LUKS2: an additional hash is now checked, calculated from the known key and the metadata contents, i.e. an attacker can no longer covertly change the metadata without knowing the decryption password.
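
The pending-decryption state described above can be seen in the LUKS2 JSON metadata before a drive is unlocked. The following is an added example, not code from the article or from the cryptsetup project: it parses a header image and reports such a state. The field names follow the LUKS2 on-disk format as an assumption, the sample headers are constructed, and the header checksum is not verified.

```python
import json
import struct

LUKS2_MAGIC = b"LUKS\xba\xbe"
BIN_HDR_SIZE = 4096  # fixed binary header; the JSON metadata area follows it


def read_luks2_json(image: bytes) -> dict:
    """Return the JSON metadata from a primary LUKS2 header (checksum not verified)."""
    magic, version, hdr_size = struct.unpack_from(">6sHQ", image, 0)
    if magic != LUKS2_MAGIC or version != 2:
        raise ValueError("not a LUKS2 primary header")
    # hdr_size covers binary header + JSON area; the JSON text is NUL-padded.
    return json.loads(image[BIN_HDR_SIZE:hdr_size].split(b"\0", 1)[0])


def reencryption_findings(meta: dict) -> list:
    """List metadata states that mean a reencryption is pending on next unlock."""
    findings = []
    reqs = meta.get("config", {}).get("requirements", {}).get("mandatory", [])
    findings += [f"requirement: {r}" for r in reqs if r.startswith("online-reencrypt")]
    for sid, slot in sorted(meta.get("keyslots", {}).items()):
        if slot.get("type") == "reencrypt":
            findings.append(f"keyslot {sid}: reencrypt mode={slot.get('mode')}")
    for sid, seg in sorted(meta.get("segments", {}).items()):
        if seg.get("type") == "linear":  # linear = plaintext, no cipher
            findings.append(f"segment {sid}: plaintext target")
    return findings


def build_image(meta: dict, hdr_size: int = 16384) -> bytes:
    """Constructed test header: magic, version, size, then NUL-padded JSON."""
    hdr = struct.pack(">6sHQ", LUKS2_MAGIC, 2, hdr_size).ljust(BIN_HDR_SIZE, b"\0")
    return (hdr + json.dumps(meta).encode()).ljust(hdr_size, b"\0")


# Constructed samples, not taken from a real device.
CLEAN = {"keyslots": {"0": {"type": "luks2"}},
         "segments": {"0": {"type": "crypt", "encryption": "aes-xts-plain64"}},
         "config": {"json_size": "12288"}}
PENDING_DECRYPT = {"keyslots": {"0": {"type": "luks2"},
                                "1": {"type": "reencrypt", "mode": "decrypt"}},
                   "segments": {"0": {"type": "crypt", "encryption": "aes-xts-plain64"},
                                "1": {"type": "linear", "flags": ["backup-final"]}},
                   "config": {"requirements": {"mandatory": ["online-reencrypt"]}}}

if __name__ == "__main__":
    for name, meta in (("clean", CLEAN), ("pending", PENDING_DECRYPT)):
        print(name, reencryption_findings(read_luks2_json(build_image(meta))))
```

A finding is an anomaly only when the owner did not start a reencryption themselves, since a legitimate operation in progress produces the same metadata.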
