PT-2019-13170 · Calamares+1 · Calamares+1

Tsimonq2

Published

2019-07-02

Updated

2019-12-09

CVE-2019-13178

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Calamares versions 3.1 through 3.2.10

Description The issue is related to a race condition in the creation and permission setting of the LUKS encryption keyfile. This occurs between the time the keyfile is created and when secure permissions are set, potentially exposing the keyfile to unauthorized access.

Recommendations For Calamares versions 3.1 through 3.2.10, consider applying secure permissions immediately after creating the LUKS encryption keyfile to mitigate the risk of exploitation. As a temporary workaround, restrict access to the keyfile until a patch is available.

Exploit

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2019-13178

OPENSUSE-SU-2019:2628-1

OPENSUSE-SU-2019:2654-1

OPENSUSE-SU-2019:2655-1

OPENSUSE-SU-2019_2628-1

OPENSUSE-SU-2024:10672-1

Affected Products

Calamares

Suse

PT-2019-13170 · Calamares+1 · Calamares+1

CVE-2019-13178

Weakness Enumeration

Related Identifiers

Affected Products

References · 30