{"id":"CVE-2019-13178","details":"modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.","modified":"2026-04-02T01:39:36.879184Z","published":"2019-07-02T23:15:09.830Z","related":["openSUSE-SU-2019:2628-1","openSUSE-SU-2019:2654-1","openSUSE-SU-2019:2655-1","openSUSE-SU-2024:10672-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q57BOTBA2J5U4GVKUP7N2PD5H7B3BVUU/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00020.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00021.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2ZDQRGBGRVRW5LPJWKUNS3M66LZ3KYC/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00017.html"},{"type":"ADVISORY","url":"https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/"},{"type":"ADVISORY","url":"https://www.pavelkogan.com/2015/01/25/linux-mint-encryption/"},{"type":"ADVISORY","url":"https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096"},{"type":"ADVISORY","url":"https://calamares.io/calamares-3.2.11-is-out/"},{"type":"ADVISORY","url":"https://calamares.io/calamares-cve-2019/"},{"type":"REPORT","url":"https://github.com/calamares/calamares/issues/1190"},{"type":"REPORT","url":"https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095"},{"type":"REPORT","url":"https://github.com/calamares/calamares/issues/1191"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1726565"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/calamares/calamares","events":[{"introduced":"a5280b689657551a6ef78bdb729831afd490d1d9"},{"last_affected":"c0cd14df47c8e5e87cf94b5869d71169787bff28"}],"database_specific":{"versions":[{"introduced":"3.1"},{"last_affected":"3.2.10"}]}}],"versions":["v3.1","v3.1.1","v3.1.10","v3.1.11","v3.1.12","v3.1.13","v3.1.2","v3.1.3","v3.1.4","v3.1.5","v3.1.6","v3.1.7","v3.1.8","v3.1.9","v3.2-rc2","v3.2-rc3","v3.2-rc4","v3.2-rc5","v3.2.0","v3.2.1","v3.2.10","v3.2.2","v3.2.3","v3.2.4","v3.2.5","v3.2.6","v3.2.7","v3.2.8","v3.2.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13178.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}