CVE-2019-13178
Description
modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Race condition in Calamares 3.1-3.2.10 allows unprivileged users to read LUKS encryption keyfile before secure permissions are set.
Vulnerability
CVE-2019-13178 is a race condition in the generation of the LUKS encryption keyfile within Calamares versions 3.1 through 3.2.10 [1]. The keyfile is created with default umask permissions, then changed to 0600 via chmod. Between creation and permission change, the file may be world-readable [1]. The keyfile path is typically /crypto_keyfile.bin [3]. The issue occurs during system installation when encrypted partitions are set up.
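The create-then-chmod sequence described above, next to a creation call that sets the mode atomically. This is an added example, not Calamares code: the function names, the observe hook, the 2048-byte key size and the temporary file names are assumptions made for illustration.

```python
import os
import stat
import tempfile


def mode_of(path):
    """Permission bits of path, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)


def create_then_chmod(path, observe=None):
    """Weak pattern: the file carries umask-derived permissions until chmod
    runs. `observe` is a hypothetical hook called inside that window."""
    with open(path, "wb") as f:           # created as 0o666 & ~umask
        f.write(os.urandom(2048))         # constructed key size
    seen = observe(path) if observe else None
    os.chmod(path, 0o600)                 # too late: the file was already visible
    return seen


def create_private(path):
    """Hardened pattern: the creating open() call sets 0o600 itself, and
    O_EXCL refuses a path that someone else created first."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(os.urandom(2048))


def demo():
    """Return (mode inside the window, final weak mode, safe mode, O_EXCL refused)."""
    old_umask = os.umask(0o022)           # a common default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            weak = os.path.join(d, "weak_keyfile.bin")
            safe = os.path.join(d, "safe_keyfile.bin")
            during = create_then_chmod(weak, observe=mode_of)
            create_private(safe)
            try:
                create_private(safe)      # second creation must fail
                refused = False
            except FileExistsError:
                refused = True
            return during, mode_of(weak), mode_of(safe), refused
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    during, weak, safe, refused = demo()
    print(oct(during), oct(weak), oct(safe), refused)
```

A final mode of 0600 on the weak file says nothing about the window; only the mode at creation time does, which is why a review of keyfile handling should look at the creating call rather than the end state.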
Exploitation
An attacker with local unprivileged access to the filesystem during the race window can read the keyfile. The window is short but exploitable. No authentication is required beyond a local shell, and no user interaction is needed beyond the installation process [1].
Impact
Successful exploitation yields the LUKS decryption key, which can decrypt the entire encrypted disk. An unprivileged attacker can gain full access to all data on the encrypted system, compromising confidentiality and integrity [1][3].
Mitigation
The issue is fixed in Calamares versions after 3.2.10. Users should upgrade to the latest release. No workarounds are documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (6)
- Calamares/Calamares (source: description)
- osv-coords (4 versions):
  - pkg:rpm/opensuse/calamares&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/calamares&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/suse/calamares&distro=SUSE%20Package%20Hub%2015
  - pkg:rpm/suse/calamares&distro=SUSE%20Package%20Hub%2015%20SP1
- (no CPE) range: < 3.2.15-lp151.4.3.3
- (no CPE) range: < 3.2.15-lp151.4.3.3
- (no CPE) range: < 3.2.15-bp150.2.6.1
- (no CPE) range: < 3.2.15-bp151.4.3.1
Patches
No patches discovered yet.
References (14)
- lists.opensuse.org/opensuse-security-announce/2019-12/msg00017.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-12/msg00020.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-12/msg00021.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q57BOTBA2J5U4GVKUP7N2PD5H7B3BVUU/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2ZDQRGBGRVRW5LPJWKUNS3M66LZ3KYC/ (mitre, vendor-advisory, x_refsource_FEDORA)
- bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095 (mitre, x_refsource_MISC)
- bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096 (mitre, x_refsource_MISC)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_MISC)
- calamares.io/calamares-3.2.11-is-out/ (mitre, x_refsource_CONFIRM)
- calamares.io/calamares-cve-2019/ (mitre, x_refsource_CONFIRM)
- github.com/calamares/calamares/issues/1190 (mitre, x_refsource_MISC)
- github.com/calamares/calamares/issues/1191 (mitre, x_refsource_MISC)
- www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/ (mitre, x_refsource_MISC)
- www.pavelkogan.com/2015/01/25/linux-mint-encryption/ (mitre, x_refsource_MISC)