CVE-2019-13178

HIGH

Calamares 3.1-3.2.10 - Race Condition in LUKS Boot Keyfile Permissions


Description

modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.

References (14)

Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/calamares/calamares/issues/1190
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095
Third Party Advisory x_refsource_misc
https://www.pavelkogan.com/2015/01/25/linux-mint-encryption/
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/calamares/calamares/issues/1191
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1726565
Third Party Advisory x_refsource_confirm
https://calamares.io/calamares-3.2.11-is-out/
Third Party Advisory x_refsource_confirm
https://calamares.io/calamares-cve-2019/

Scores

CVSS v3 8.1
EPSS 0.0169
EPSS Percentile 74.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-362
Status published
Products (1)
calamares/calamares 3.1 - 3.2.10
Published Jul 02, 2019
Tracked Since Feb 18, 2026