CVE-2024-38531

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.6 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
GitHub_MCNA
3.6 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Debian logo
Debian Releases
Debian Product
Codename
nix
bullseye
no-dsa
bookworm
no-dsa
trixie
2.26.3+dfsg-1
fixed
sid
2.26.3+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nix
plucky
not-affected
oracular
ignored
noble
Fixed 2.18.1+dfsg-1ubuntu5+esm2
released
mantic
ignored
jammy
Fixed 2.6.0+dfsg-3ubuntu0.1~esm1
released
focal
dne
Common Weakness Enumeration
References
https://github.com/NixOS/nix/pull/10501
https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5
https://github.com/NixOS/nix/pull/10501
https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5