CVSS: 3.6EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38531 – Nix sandbox escape
https://notcve.org/view.php?id=CVE-2024-38531
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4. Nix es un administrador de paquetes para Linux y otros sistemas Unix que hace que la administración de paquetes sea confiable y reproducible. • https://github.com/NixOS/nix/pull/10501 https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5 • CWE-278: Insecure Preserved Inherited Permissions •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27297 – Nix Corruption of fixed-output derivations
https://notcve.org/view.php?id=CVE-2024-27297
Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. • https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000 https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 https://hackmd.io/03UGerewRcy3db44JQoWvw • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •