Calamares: Security Vulnerabilities
modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.
CVSS Score: 8.1
EPSS Score: 0.02
Published: 2019-07-02
Calamares versions 3.1 through 3.2.10 copy a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption.
CVSS Score: 7.5
EPSS Score: 0.008
Published: 2019-07-02