CVE-2019-13178
Severity: Unknown | EPSS: 1.69%
CVE-2019-13178 is a vulnerability of currently unknown severity. modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set. EPSS estimates a 1.69% chance of exploitation in the next 30 days.
Description
modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Calamares | Calamares | >= 3.1, <= 3.2.10 |
References
- https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095 (Exploit, Issue Tracking, Third Party Advisory)
- https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1726565 (Issue Tracking, Third Party Advisory)
- https://calamares.io/calamares-3.2.11-is-out/ (Third Party Advisory)
- https://calamares.io/calamares-cve-2019/ (Third Party Advisory)
- https://github.com/calamares/calamares/issues/1190 (Issue Tracking, Third Party Advisory)
- https://github.com/calamares/calamares/issues/1191 (Exploit, Issue Tracking, Third Party Advisory)
- https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/ (Third Party Advisory)
- https://www.pavelkogan.com/2015/01/25/linux-mint-encryption/ (Third Party Advisory)
Frequently Asked Questions
What is CVE-2019-13178?
modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.
How severe is CVE-2019-13178?
Severity scoring for CVE-2019-13178 is pending analysis. The EPSS model estimates a 1.69% probability of exploitation in the next 30 days.
How do I fix CVE-2019-13178?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.
Source: NVD / NIST
