CVE-2026-32606
Received Received - Intake
TPM Policy Bypass in IncusOS Enables LUKS Key Theft

Publication date: 2026-03-18

Last updated on: 2026-03-18

Assigner: GitHub, Inc.

Description
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system's owner or any tampering of Secure Boot state or kernel (UKI) boot image. That's because in this configuration, the LUKS key is made available by the TPM so long as the system has the expected PCR7 value and the PCR11 policy matches. That default PCR11 policy importantly allows for the TPM to release the key to the booted system rather than just from the initrd part of the signed kernel image (UKI). The attack relies on the attacker being able to substitute the original encrypted root partition for one that they control. By doing so, the system will prompt for a recovery key on boot, which the attacker has defined and can provide, before booting the system using the attacker's root partition rather than the system's original one. The attacker only needs to put a systemd unit starting on system boot within their root partition to have the system run that logic on boot. That unit will then run in an environment where the TPM will allow for the retrieval of the encryption key of the real root disk, allowing the attacker to steal the LUKS volume key (immutable master key) and then use it against the real root disk, altering it or getting data out before putting the disk back the way it was and returning the system without a trace of this attack having happened. This is all possible because the system will have still booted with Secure Boot enabled, will have measured and ran the expected bootloader and kernel image (UKI). The initrd selects the root disk based on GPT partition identifiers making it possible to easily substitute the real root disk for an attacker controlled one. This doesn't lead to any change in the TPM state and therefore allows for retrieval of the LUKS key by the attacker through a boot time systemd unit on their alternative root partition. IncusOS version 202603142010 (2026/03/14 20:10 UTC) includes the new PCR15 logic and will automatically update the TPM policy on boot. Anyone suspecting that their system may have been physically accessed while shut down should perform a full system wipe and reinstallation as only that will rotate the LUKS volume key and prevent subsequent access to the encrypted data should the system have been previously compromised. There are no known workarounds other than updating to a version with corrected logic which will automatically rebind the LUKS keys to the new set of TPM registers and prevent this from being exploited.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-18
Last Modified
2026-03-18
Generated
2026-05-07
AI Q&A
2026-03-18
EPSS Evaluated
2026-05-05
NVD
CVE-2026-32606
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
lxc incusos to 202603142010 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

[{'type': 'paragraph', 'content': 'CVE-2026-32606 is a high-severity vulnerability in IncusOS versions prior to 202603142010 that allows an attacker with physical access to bypass LUKS disk encryption. The issue arises because the default TPM (Trusted Platform Module) policy used by systemd-cryptenroll allows the TPM to release the LUKS encryption key not only during the initial RAM disk (initrd) phase but also after the system has fully booted. This happens due to the PCR11 policy permitting key release beyond the initrd phase.'}, {'type': 'paragraph', 'content': "An attacker can exploit this by physically modifying the system while it is powered off: they replace the original encrypted root partition with a malicious one that they control. This malicious root partition prompts for a recovery key on boot, which the attacker knows and provides. The system boots into the attacker-controlled root partition, which runs a systemd unit that extracts the real root disk's LUKS key from the TPM. With this key, the attacker can access or modify the original encrypted data and then restore the system to its original state, leaving no trace."}, {'type': 'paragraph', 'content': 'This attack works despite Secure Boot being enabled and the bootloader and kernel image being verified, because the TPM state (PCRs) does not change during the attack, and the system selects the root disk based on GPT partition UUIDs, allowing root partition substitution.'}] [1, 3]


How can this vulnerability impact me? :

This vulnerability allows an attacker with physical access to your machine to extract the LUKS volume encryption key without needing any user interaction or elevated privileges. This means the attacker can fully compromise the confidentiality, integrity, and availability of your encrypted data.

  • The attacker can access, modify, or steal data from the encrypted root partition.
  • The attacker can restore the system to its original state after the attack, leaving no trace of compromise.
  • The attack bypasses Secure Boot protections and TPM measurements, making it difficult to detect.
  • Systems in environments with weak physical security (e.g., theft or tampering while powered off) are particularly at risk.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is related to physical access attacks on IncusOS systems prior to version 202603142010 and involves TPM PCR policy bypass to extract LUKS encryption keys. Detection involves checking whether the system is running a vulnerable version of IncusOS and verifying the TPM PCR bindings on the encrypted root partition.

Specifically, you can check if the LUKS volume keys are bound to PCR 15 in addition to PCR 7 and PCR 11. The absence of PCR 15 binding indicates a vulnerable system.

A suggested command to inspect TPM PCR bindings on a LUKS volume is to use systemd-cryptenroll or cryptsetup tools to query TPM PCR bindings. For example, you can run:

  • `systemd-cryptenroll --tpm2-pcrs` on the encrypted device to display current TPM PCR bindings.
  • Alternatively, use `cryptsetup luksDump <device>` to inspect the LUKS header and check for TPM2 keyslots and their PCR bindings.

If the PCR 15 binding is missing or the system is running a version prior to 202603142010, the system is vulnerable.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation is to update IncusOS to version 202603142010 or later, which includes a fix that adds PCR 15 binding to the TPM policy, preventing the TPM from releasing the LUKS key after the initrd phase.

If you suspect that your system has been physically accessed while powered off, you should perform a full system wipe and reinstall. This is necessary to rotate the LUKS volume key and prevent unauthorized access to encrypted data.

There are no known workarounds other than updating to the fixed version and performing a full reinstall if compromise is suspected.

  • Update IncusOS to version 202603142010 or later.
  • If physical compromise is suspected, perform a full system wipe and reinstall to rotate LUKS keys.

Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart