Improper access control in nix - CVE-2024-27297


Published: March 7, 2024 / Updated: April 8, 2026


Vulnerability identifier: #VU125377
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-27297
CWE-ID: CWE-284
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software: nix
Software vendor: nixos.org

Description

The vulnerability allows a remote user to modify the output of fixed-output derivations.

The vulnerability exists due to improper access control in fixed-output derivations: a builder can send file descriptors for files in the Nix store to another program via Unix domain sockets in the abstract namespace. A remote user can send such file descriptors to another program running on the host, which can then modify the output of the fixed-output derivation.

This issue affects Linux systems. The modification can occur after Nix has registered the path as valid and immutable in the Nix database.
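A check a defender can run on a Linux host to look for processes that still hold a writable descriptor into the Nix store once a build has finished, the condition the description above depends on. This is an added example, not code from the advisory or from Nix; `opened_for_write`, `writable_store_fds` and `build_demo_tree` are assumed names, and the fake /proc tree is constructed here so the script runs offline.

```python
import os
import re
import tempfile
from pathlib import Path

NIX_STORE = "/nix/store"

def opened_for_write(fdinfo_text: str) -> bool:
    """True if the fdinfo 'flags' field (printed in octal) has O_WRONLY or O_RDWR set."""
    m = re.search(r"^flags:\s*([0-7]+)$", fdinfo_text, re.M)
    return bool(m) and (int(m.group(1), 8) & 0o3) != 0  # O_ACCMODE == 0 means O_RDONLY

def writable_store_fds(proc_root="/proc", store_root=NIX_STORE):
    """Return sorted (pid, fd, path) for descriptors open for writing under store_root."""
    hits = []
    for pid_dir in Path(proc_root).iterdir():
        if not pid_dir.name.isdigit():
            continue
        try:
            fds = list((pid_dir / "fd").iterdir())
        except OSError:  # process exited, or not ours to inspect
            continue
        for fd in fds:
            try:
                target = os.readlink(fd)
                info = (pid_dir / "fdinfo" / fd.name).read_text()
            except OSError:
                continue
            if target.startswith(store_root + "/") and opened_for_write(info):
                hits.append((int(pid_dir.name), int(fd.name), target))
    return sorted(hits)

def build_demo_tree():
    """Constructed stand-in for /proc: three processes, one descriptor each."""
    root = tempfile.mkdtemp()
    cases = [  # (pid, fd, link target, octal flags as fdinfo prints them)
        (101, 3, "/nix/store/aaaa-hello-2.12/bin/hello", "02"),  # O_RDWR into the store
        (102, 4, "/nix/store/bbbb-src.tar.gz", "0100000"),       # O_RDONLY|O_LARGEFILE
        (103, 5, "/tmp/build-scratch", "01"),                    # O_WRONLY, outside the store
    ]
    for pid, fd, target, flags in cases:
        (Path(root) / str(pid) / "fd").mkdir(parents=True)
        (Path(root) / str(pid) / "fdinfo").mkdir()
        os.symlink(target, Path(root) / str(pid) / "fd" / str(fd))
        (Path(root) / str(pid) / "fdinfo" / str(fd)).write_text(
            f"pos:\t0\nflags:\t{flags}\nmnt_id:\t1\n")
    return root

if __name__ == "__main__":
    for pid, fd, path in writable_store_fds(build_demo_tree()):
        print(f"pid {pid} fd {fd} -> {path} (open for writing)")
```

Against the real /proc this must run as root: unprivileged users cannot read other processes' fd and fdinfo entries, and the function silently skips them.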


Remediation

Install security update from vendor's website.

External links