Nixpkgs security tracker
7.8 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
TOCTOU local privilege escalation vulnerability
VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed.
Affected products
- <2026H1
Matching in nixpkgs
pkgs.datafusion-cli
CLI for Apache Arrow DataFusion
pkgs.lxgw-fusionkai
Simplified Chinese font derived from LXGW WenKai GB, iansui and Klee One
pkgs.fusionInventory
FusionInventory unified Agent for UNIX, Linux, Windows and MacOSX
pkgs.finalfusion-utils
Utility for converting, quantizing, and querying word embeddings
pkgs.stable-diffusion-cpp
Stable Diffusion inference in pure C/C++
-
nixos-unstable 558-8afbeb6
- nixpkgs-unstable 558-8afbeb6
- nixos-unstable-small 558-8afbeb6
pkgs.fusioninventory-agent
FusionInventory unified Agent for UNIX, Linux, Windows and MacOSX
pkgs.stable-diffusion-cpp-cuda
Stable Diffusion inference in pure C/C++
-
nixos-unstable 558-8afbeb6
- nixpkgs-unstable 558-8afbeb6
- nixos-unstable-small 558-8afbeb6
pkgs.stable-diffusion-cpp-rocm
Stable Diffusion inference in pure C/C++
-
nixos-unstable 558-8afbeb6
- nixpkgs-unstable 558-8afbeb6
- nixos-unstable-small 558-8afbeb6
pkgs.stable-diffusion-cpp-vulkan
Stable Diffusion inference in pure C/C++
-
nixos-unstable 558-8afbeb6
- nixpkgs-unstable 558-8afbeb6
- nixos-unstable-small 558-8afbeb6
pkgs.python312Packages.datafusion
Extensible query execution framework
pkgs.python313Packages.datafusion
Extensible query execution framework
pkgs.python313Packages.vegafusion
Core tools for using VegaFusion from Python
pkgs.python314Packages.datafusion
Extensible query execution framework
pkgs.python314Packages.vegafusion
Core tools for using VegaFusion from Python
pkgs.haskellPackages.fusion-plugin
GHC plugin to make stream fusion more predictable
pkgs.pkgsRocm.stable-diffusion-cpp
Stable Diffusion inference in pure C/C++
-
nixos-unstable 558-8afbeb6
- nixpkgs-unstable 558-8afbeb6
- nixos-unstable-small 558-8afbeb6
pkgs.python312Packages.finalfusion
Python module for using finalfusion, word2vec, and fastText word embeddings
pkgs.python312Packages.k-diffusion
Karras et al. (2022) diffusion models for PyTorch
-
nixos-25.11 0.1.1.post1
- nixos-25.11-small 0.1.1.post1
- nixpkgs-25.11-darwin 0.1.1.post1
pkgs.python313Packages.finalfusion
Python module for using finalfusion, word2vec, and fastText word embeddings
pkgs.python313Packages.k-diffusion
Karras et al. (2022) diffusion models for PyTorch
-
nixos-unstable 0.1.1.post1
- nixpkgs-unstable 0.1.1.post1
- nixos-unstable-small 0.1.1.post1
-
nixos-25.11 0.1.1.post1
- nixos-25.11-small 0.1.1.post1
- nixpkgs-25.11-darwin 0.1.1.post1
pkgs.python314Packages.finalfusion
Python module for using finalfusion, word2vec, and fastText word embeddings
pkgs.python314Packages.k-diffusion
Karras et al. (2022) diffusion models for PyTorch
-
nixos-unstable 0.1.1.post1
- nixpkgs-unstable 0.1.1.post1
- nixos-unstable-small 0.1.1.post1
pkgs.haskellPackages.gogol-datafusion
Google Cloud Data Fusion SDK
pkgs.haskellPackages.gogol-fusiontables
Google Fusion Tables SDK
pkgs.haskellPackages.fusion-plugin-types
Types for the fusion-plugin package
pkgs.pkgsRocm.python3Packages.k-diffusion
Karras et al. (2022) diffusion models for PyTorch
-
nixos-unstable 0.1.1.post1
- nixpkgs-unstable 0.1.1.post1
- nixos-unstable-small 0.1.1.post1
-
nixos-25.11 0.1.1.post1
- nixos-25.11-small 0.1.1.post1
- nixpkgs-25.11-darwin 0.1.1.post1
pkgs.pkgsRocm.stable-diffusion-cpp-vulkan
Stable Diffusion inference in pure C/C++
-
nixos-unstable 558-8afbeb6
- nixpkgs-unstable 558-8afbeb6
- nixos-unstable-small 558-8afbeb6
Package maintainers
-
@happysalada Raphael Megzari <raphael@megzari.com>
-
@phile314 Philipp Hausmann <nix@314.ch>
-
@hellodword hellodword
-
@Mic92 Jörg Thalheim <joerg@thalheim.io>
-
@cpcloud Phillip Cloud
-
@adrlau Adrian Gunnar Lauterer <adrian@lauterer.it>
-
@dit7ya Mostly Void <7rat13@gmail.com>
-
@wariuccio Wariuccio