modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.
Related bugs and status
CVE-2019-13178 (Candidate)
is related to these bugs: