Nixpkgs security tracker
5.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): High (H)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): High (H)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
domctl lock open to abuse
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these operations may not be executed in parallel, so a system-wide lock is used. The way that lock is acquired is, however, not providing any fairness. This is CVE-2026-42489. Furthermore, with XSM/Flask in use, the lock acquire will, for some operations, occur ahead of any permission checking. This is CVE-2026-42490.
Affected products
- ==consult Xen advisory XSA-492
Matching in nixpkgs
pkgs.xen
Type-1 hypervisor intended for embedded and hyperscale use cases
pkgs.xenon
Monitoring tool based on radon
pkgs.hhexen
None
pkgs.lexend
None
-
nixos-unstable 0.pre+date=2022-09-22
- nixos-unstable-small 0.pre+date=2022-09-22
-
nixos-26.05 0.pre+date=2022-09-22
- nixos-26.05-small 0.pre+date=2022-09-22
- nixpkgs-26.05-darwin 0.pre+date=2022-09-22
pkgs.uhexen2
Cross-platform port of Hexen II game
pkgs.OVMF-xen
Sample UEFI firmware for Xen guests
pkgs.qemu_xen
Generic and open source machine emulator and virtualizer
pkgs.xenomapper
Utility for post processing mapped reads that have been aligned to a primary genome and a secondary genome and binning reads into species specific, multimapping in each species, unmapped and unassigned bins
pkgs.nxengine-evo
Complete open-source clone/rewrite of the masterpiece jump-and-run platformer Doukutsu Monogatari (also known as Cave Story)
pkgs.xenia-canary
Xbox 360 Emulator Research Project
-
nixos-unstable 0-unstable-2026-05-03
- nixpkgs-unstable 0-unstable-2026-06-05
- nixos-unstable-small 0-unstable-2026-06-05
-
nixos-26.05 0-unstable-2026-05-03
- nixos-26.05-small 0-unstable-2026-05-03
- nixpkgs-26.05-darwin 0-unstable-2026-05-03
pkgs.xen-guest-agent
Xen agent running in Linux/BSDs (POSIX) VMs
-
nixos-unstable 0.4.0-unstable-2024-05-31
- nixpkgs-unstable 0.4.0-unstable-2024-05-31
- nixos-unstable-small 0.4.0-unstable-2024-05-31
-
nixos-26.05 0.4.0-unstable-2024-05-31
- nixos-26.05-small 0.4.0-unstable-2024-05-31
- nixpkgs-26.05-darwin 0.4.0-unstable-2024-05-31
pkgs.libretro.nxengine
None
-
nixos-unstable 0-unstable-2026-04-09
- nixos-unstable-small 0-unstable-2026-04-09
-
nixos-26.05 0-unstable-2026-04-09
- nixos-26.05-small 0-unstable-2026-04-09
- nixpkgs-26.05-darwin 0-unstable-2026-04-09
pkgs.grub2_pvgrub_image
PvGrub2 image for booting PV Xen guests
pkgs.grub2_pvhgrub_image
None
pkgs.hunspellDicts.eu-es
None
-
nixos-unstable 5-2015.11.10
- nixos-unstable-small 5-2015.11.10
-
nixos-26.05 5-2015.11.10
- nixos-26.05-small 5-2015.11.10
- nixpkgs-26.05-darwin 5-2015.11.10
pkgs.hunspellDicts.eu_ES
Basque (Xuxen 5)
-
nixos-unstable 5-2015.11.10
- nixpkgs-unstable 5-2015.11.10
- nixos-unstable-small 5-2015.11.10
-
nixos-26.05 5-2015.11.10
- nixos-26.05-small 5-2015.11.10
- nixpkgs-26.05-darwin 5-2015.11.10
pkgs.haskellPackages.xeno
None
pkgs.python313Packages.xen
Type-1 hypervisor intended for embedded and hyperscale use cases
pkgs.python314Packages.xen
Type-1 hypervisor intended for embedded and hyperscale use cases
pkgs.ocamlPackages.xenstore
Xenstore protocol in pure OCaml
pkgs.ocamlPackages.mirage-xen
Xen core platform libraries for MirageOS
pkgs.haskellPackages.xenomorph
None
pkgs.haskellPackages.xmlbf-xeno
xeno backend support for the xmlbf library
pkgs.nltk-data.maxent-ne-chunker
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
-
nixos-26.05 0-unstable-2024-07-29
- nixos-26.05-small 0-unstable-2024-07-29
- nixpkgs-26.05-darwin 0-unstable-2024-07-29
pkgs.ocamlPackages.xenstore-tool
Command line tool for interfacing with xenstore
pkgs.ocamlPackages.mirage-net-xen
Network device for reading and writing Ethernet frames via then Xen netfront/netback protocol
pkgs.python313Packages.pylatexenc
Simple LaTeX parser providing latex-to-unicode and unicode-to-latex conversion
pkgs.python314Packages.pylatexenc
Simple LaTeX parser providing latex-to-unicode and unicode-to-latex conversion
pkgs.ocamlPackages_latest.xenstore
Xenstore protocol in pure OCaml
pkgs.python313Packages.pyaxencoapi
Async Python client for Axenco MyNeomitis REST/Websocket API
pkgs.python314Packages.pyaxencoapi
Async Python client for Axenco MyNeomitis REST/Websocket API
pkgs.nltk-data.maxent-ne-chunker-tab
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
-
nixos-26.05 0-unstable-2024-07-29
- nixos-26.05-small 0-unstable-2024-07-29
- nixpkgs-26.05-darwin 0-unstable-2024-07-29
pkgs.ocamlPackages_latest.mirage-xen
Xen core platform libraries for MirageOS
pkgs.ocamlPackages.mirage-bootvar-xen
Handle boot-time arguments for Xen platform
pkgs.ocamlPackages.xenstore_transport
Low-level libraries for connecting to a xenstore service on a xen host
pkgs.ocamlPackages_latest.xenstore-tool
Command line tool for interfacing with xenstore
pkgs.ocamlPackages_latest.mirage-net-xen
Network device for reading and writing Ethernet frames via then Xen netfront/netback protocol
pkgs.nltk-data.maxent-treebank-pos-tagger
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
-
nixos-26.05 0-unstable-2024-07-29
- nixos-26.05-small 0-unstable-2024-07-29
- nixpkgs-26.05-darwin 0-unstable-2024-07-29
pkgs.ocamlPackages_latest.mirage-bootvar-xen
Handle boot-time arguments for Xen platform
pkgs.ocamlPackages_latest.xenstore_transport
Low-level libraries for connecting to a xenstore service on a xen host
pkgs.nltk-data.maxent-treebank-pos-tagger-tab
NLTK Data
-
nixos-unstable 0-unstable-2024-07-29
- nixpkgs-unstable 0-unstable-2024-07-29
- nixos-unstable-small 0-unstable-2024-07-29
-
nixos-26.05 0-unstable-2024-07-29
- nixos-26.05-small 0-unstable-2024-07-29
- nixpkgs-26.05-darwin 0-unstable-2024-07-29
Package maintainers
-
@hehongbo Hongbo
-
@RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz>
-
@SigmaSquadron Fernando Rodrigues <alpha@sigmasquadron.net>
-
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
-
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
-
@mjoerg Martin Joerg <martin.joerg@gmail.com>
-
@umazalakain Uma Zalakain <ping@umazalakain.info>
-
@bengsparks Ben Sparks <benjamin.sparks@protonmail.com>
-
@happysalada Raphael Megzari <raphael@megzari.com>
-
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
-
@JamieMagee Jamie Magee <jamie.magee@gmail.com>
-
@alyssais Alyssa Ross <hi@alyssa.is>
-
@xdHampus Hampus
-
@tuxy Binh Nguyen <lastpass7565@gmail.com>
-
@jbedo Justin Bedő <cu@cua0.org>
-
@jfvillablanca Jann Marc Villablanca <jmfv.dev@gmail.com>