Calamares · Calamares · CVE-2019-13179
**Name of the Vulnerable Software and Affected Versions**
Calamares versions 3.1 through 3.2.10
**Description**
Calamares copies the LUKS encryption keyfile /crypto_keyfile.bin into an initramfs image under /boot, and that image is globally readable. As a result, the originally protected keyfile can be read by any user, which discloses the decryption keys for LUKS containers created with Full Disk Encryption.
**Recommendations**
For Calamares versions 3.1 through 3.2.10, consider updating to a version where this issue is resolved, because these versions insecurely expose the LUKS encryption keyfile. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
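
To check whether an installed system shows the condition described above, the following added example (not part of the advisory and not Calamares code) flags initramfs images that non-root users can read while /crypto_keyfile.bin is present. The image name patterns `initramfs*` and `initrd*` and the optional root-prefix argument are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: flag the file-permission condition behind CVE-2019-13179.
# Assumptions: images in /boot are named initramfs* or initrd*; the optional
# ROOT argument points the check at a mounted or test filesystem tree.
# It does not unpack the image, so it reports the permission problem only.
# Usage: audit_keyfile_exposure            (live system)
#        audit_keyfile_exposure /mnt/root  (mounted installation)

# Print initramfs images under ROOT/boot that group or other users can read.
readable_initramfs() {
    local root="${1:-}"
    find "${root}/boot" -maxdepth 1 -type f \
        \( -name 'initramfs*' -o -name 'initrd*' \) \
        \( -perm -004 -o -perm -040 \) -print 2>/dev/null | sort
}

# Return status: 0 = not exposed, 1 = exposed, 2 = no keyfile present.
audit_keyfile_exposure() {
    local root="${1:-}" images
    # Without the keyfile there is nothing for the image to disclose.
    if [ ! -e "${root}/crypto_keyfile.bin" ]; then
        echo "no ${root}/crypto_keyfile.bin: keyfile-based unlock not in use"
        return 2
    fi
    images="$(readable_initramfs "$root")"
    if [ -n "$images" ]; then
        echo "EXPOSED: keyfile present and these images are readable by non-root users:"
        printf '%s\n' "$images" | sed 's/^/  /'
        return 1
    fi
    echo "ok: keyfile present, initramfs images are readable by root only"
    return 0
}
```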