High severity7.5NVD Advisory· Published Jul 2, 2019· Updated Jun 17, 2026
CVE-2019-13179
CVE-2019-13179
Description
Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Calamares/Calamaresdescription
Patches
Vulnerability mechanics
References
8- bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095nvdExploitIssue TrackingThird Party Advisory
- github.com/calamares/calamares/issues/1191nvdExploitIssue TrackingThird Party Advisory
- bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- calamares.io/calamares-3.2.11-is-out/nvdVendor Advisory
- calamares.io/calamares-cve-2019/nvdVendor Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q57BOTBA2J5U4GVKUP7N2PD5H7B3BVUU/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2ZDQRGBGRVRW5LPJWKUNS3M66LZ3KYC/nvd
News mentions
0No linked articles in our index yet.