FKIE_CVE-2026-32606
Vulnerability from fkie_nvd - Published: 2026-03-18 06:16 - Updated: 2026-03-18 14:52
Severity ?
Summary
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system's owner or any tampering of Secure Boot state or kernel (UKI) boot image. That's because in this configuration, the LUKS key is made available by the TPM so long as the system has the expected PCR7 value and the PCR11 policy matches. That default PCR11 policy importantly allows for the TPM to release the key to the booted system rather than just from the initrd part of the signed kernel image (UKI). The attack relies on the attacker being able to substitute the original encrypted root partition for one that they control. By doing so, the system will prompt for a recovery key on boot, which the attacker has defined and can provide, before booting the system using the attacker's root partition rather than the system's original one. The attacker only needs to put a systemd unit starting on system boot within their root partition to have the system run that logic on boot. That unit will then run in an environment where the TPM will allow for the retrieval of the encryption key of the real root disk, allowing the attacker to steal the LUKS volume key (immutable master key) and then use it against the real root disk, altering it or getting data out before putting the disk back the way it was and returning the system without a trace of this attack having happened. This is all possible because the system will have still booted with Secure Boot enabled, will have measured and ran the expected bootloader and kernel image (UKI). The initrd selects the root disk based on GPT partition identifiers making it possible to easily substitute the real root disk for an attacker controlled one. This doesn't lead to any change in the TPM state and therefore allows for retrieval of the LUKS key by the attacker through a boot time systemd unit on their alternative root partition. IncusOS version 202603142010 (2026/03/14 20:10 UTC) includes the new PCR15 logic and will automatically update the TPM policy on boot. Anyone suspecting that their system may have been physically accessed while shut down should perform a full system wipe and reinstallation as only that will rotate the LUKS volume key and prevent subsequent access to the encrypted data should the system have been previously compromised. There are no known workarounds other than updating to a version with corrected logic which will automatically rebind the LUKS keys to the new set of TPM registers and prevent this from being exploited.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system\u0027s owner or any tampering of Secure Boot state or kernel (UKI) boot image. That\u0027s because in this configuration, the LUKS key is made available by the TPM so long as the system has the expected PCR7 value and the PCR11 policy matches. That default PCR11 policy importantly allows for the TPM to release the key to the booted system rather than just from the initrd part of the signed kernel image (UKI). The attack relies on the attacker being able to substitute the original encrypted root partition for one that they control. By doing so, the system will prompt for a recovery key on boot, which the attacker has defined and can provide, before booting the system using the attacker\u0027s root partition rather than the system\u0027s original one. The attacker only needs to put a systemd unit starting on system boot within their root partition to have the system run that logic on boot. That unit will then run in an environment where the TPM will allow for the retrieval of the encryption key of the real root disk, allowing the attacker to steal the LUKS volume key (immutable master key) and then use it against the real root disk, altering it or getting data out before putting the disk back the way it was and returning the system without a trace of this attack having happened. This is all possible because the system will have still booted with Secure Boot enabled, will have measured and ran the expected bootloader and kernel image (UKI). The initrd selects the root disk based on GPT partition identifiers making it possible to easily substitute the real root disk for an attacker controlled one. This doesn\u0027t lead to any change in the TPM state and therefore allows for retrieval of the LUKS key by the attacker through a boot time systemd unit on their alternative root partition. IncusOS version 202603142010 (2026/03/14 20:10 UTC) includes the new PCR15 logic and will automatically update the TPM policy on boot. Anyone suspecting that their system may have been physically accessed while shut down should perform a full system wipe and reinstallation as only that will rotate the LUKS volume key and prevent subsequent access to the encrypted data should the system have been previously compromised. There are no known workarounds other than updating to a version with corrected logic which will automatically rebind the LUKS keys to the new set of TPM registers and prevent this from being exploited."
},
{
"lang": "es",
"value": "IncusOS es una imagen de SO inmutable dedicada a ejecutar Incus. Antes de 202603142010, la configuraci\u00f3n predeterminada de systemd-cryptenroll utilizada por IncusOS a trav\u00e9s de mkosi permite a un atacante con acceso f\u00edsico a la m\u00e1quina acceder a los datos cifrados sin requerir ninguna interacci\u00f3n por parte del propietario del sistema ni ninguna manipulaci\u00f3n del estado de Secure Boot o de la imagen de arranque del kernel (UKI). Esto se debe a que, en esta configuraci\u00f3n, la clave LUKS es puesta a disposici\u00f3n por el TPM siempre y cuando el sistema tenga el valor PCR7 esperado y la pol\u00edtica PCR11 coincida. Esa pol\u00edtica PCR11 predeterminada, de manera importante, permite al TPM liberar la clave al sistema arrancado en lugar de solo desde la parte initrd de la imagen del kernel firmada (UKI). El ataque se basa en que el atacante pueda sustituir la partici\u00f3n ra\u00edz cifrada original por una que ellos controlan. Al hacerlo, el sistema solicitar\u00e1 una clave de recuperaci\u00f3n al arrancar, que el atacante ha definido y puede proporcionar, antes de arrancar el sistema utilizando la partici\u00f3n ra\u00edz del atacante en lugar de la original del sistema. El atacante solo necesita colocar una unidad systemd que se inicie con el arranque del sistema dentro de su partici\u00f3n ra\u00edz para que el sistema ejecute esa l\u00f3gica al arrancar. Esa unidad se ejecutar\u00e1 entonces en un entorno donde el TPM permitir\u00e1 la recuperaci\u00f3n de la clave de cifrado del disco ra\u00edz real, permitiendo al atacante robar la clave de volumen LUKS (clave maestra inmutable) y luego usarla contra el disco ra\u00edz real, alter\u00e1ndolo o extrayendo datos antes de volver a colocar el disco como estaba y devolver el sistema sin dejar rastro de que este ataque haya ocurrido. Todo esto es posible porque el sistema habr\u00e1 arrancado con Secure Boot habilitado, habr\u00e1 medido y ejecutado el cargador de arranque y la imagen del kernel (UKI) esperados. El initrd selecciona el disco ra\u00edz bas\u00e1ndose en identificadores de partici\u00f3n GPT, lo que hace posible sustituir f\u00e1cilmente el disco ra\u00edz real por uno controlado por un atacante. Esto no provoca ning\u00fan cambio en el estado del TPM y, por lo tanto, permite la recuperaci\u00f3n de la clave LUKS por parte del atacante a trav\u00e9s de una unidad systemd en tiempo de arranque en su partici\u00f3n ra\u00edz alternativa. La versi\u00f3n de IncusOS 202603142010 (14/03/2026 20:10 UTC) incluye la nueva l\u00f3gica PCR15 y actualizar\u00e1 autom\u00e1ticamente la pol\u00edtica del TPM al arrancar. Cualquiera que sospeche que su sistema pudo haber sido accedido f\u00edsicamente mientras estaba apagado debe realizar un borrado completo del sistema y una reinstalaci\u00f3n, ya que solo eso rotar\u00e1 la clave de volumen LUKS y evitar\u00e1 el acceso posterior a los datos cifrados en caso de que el sistema haya sido comprometido previamente. No se conocen soluciones alternativas aparte de actualizar a una versi\u00f3n con l\u00f3gica corregida que reasociar\u00e1 autom\u00e1ticamente las claves LUKS al nuevo conjunto de registros TPM y evitar\u00e1 que esto sea explotado."
}
],
"id": "CVE-2026-32606",
"lastModified": "2026-03-18T14:52:44.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-03-18T06:16:18.970",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://discuss.linuxcontainers.org/t/potential-luks-encryption-bypass-through-filesystem-confusion/26348"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/lxc/incus-os/commit/e3b35f230d23443d27752eac27ebb2b22c957b75"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/lxc/incus-os/pull/954"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/lxc/incus-os/security/advisories/GHSA-wj2j-qwcf-cfcc"
},
{
"source": "security-advisories@github.com",
"url": "https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…