Main Vulnerability Database SB2024030783

SB2024030783 - Improper access control in nix

Published: March 7, 2024 Updated: April 8, 2026

Security Bulletin ID SB2024030783

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2024-27297)

The vulnerability allows a remote user to modify the output of fixed-output derivations.

The vulnerability exists due to improper access control in fixed-output derivations when sending file descriptors to files in the Nix store to another program via Unix domain sockets in the abstract namespace. A remote user can send file descriptors to another program running on the host to modify the output of fixed-output derivations.

This issue affects Linux systems and can occur after Nix has registered the path as valid and immutable in the Nix database.

Remediation

Install update from vendor's website.

SB2024030783 - Improper access control in nix

Breakdown by Severity

Description

Remediation

References

Please verify you're human