CVE-2021-4122: 
NixOS vulnerability analysis and mitigation

CVE-2021-4122 is a security vulnerability discovered in cryptsetup's LUKS (Linux Unified Key Setup) encryption system. The vulnerability, disclosed in January 2022, allows an attacker with physical access to trick cryptsetup into disabling encryption during device recovery. This flaw affects cryptsetup versions from 2.2.0 onwards, while versions 1.x, 2.0.x, and 2.1.x are not affected as they lack LUKS2 reencryption extension support (NVD, Debian).

The vulnerability exists in the LUKS2 online reencryption extension crash recovery mechanism. An attacker can modify on-disk metadata to simulate decryption in progress with crashed reencryption step, leading to permanent data decryption on part of the LUKS device. With default parameters (16 MiB LUKS2 header) and one allocated keyslot, the maximal decrypted size can exceed 3GiB. The attack doesn't require knowledge of user passphrases but needs physical access to the encrypted device (Release Notes).

The vulnerability allows an attacker with physical access to force permanent decryption of data on encrypted devices. The attack can be reversed afterward, allowing modification of revealed plaintext, and can be executed without leaving visible warnings to users except through the luksDump command. The decryption occurs when a legitimate user activates the device with a correct passphrase (Hacker News).

The vulnerability was fixed in cryptsetup versions 2.4.3 and 2.3.7. The fix introduces additional digest protection of reencryption metadata, calculated from known keys and critical reencryption metadata. This prevents attackers from creating correct metadata digest without knowledge of a passphrase for used keyslots. Users must upgrade to these versions or later to protect against this vulnerability (Release Notes).