Nixpkgs security tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: armTrustedFirmwareQemu

Found 6 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-7415
9.8 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 1 week ago Activity log
  • Created suggestion 1 week ago
Open MQTT orchestration without read/write ACLs in Yarbo robot firmware

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization of any kind.

Affected products

Firmware
  • =<2.3.9

Matching in nixpkgs

pkgs.zd1211fw

Firmware for the ZyDAS ZD1211(b) 802.11a/b/g USB WLAN chip

  • nixos-unstable 1.5
    • nixpkgs-unstable 1.5
    • nixos-unstable-small 1.5
  • nixos-25.11 1.5
    • nixos-25.11-small 1.5
    • nixpkgs-25.11-darwin 1.5

pkgs.gnome-firmware

Tool for installing firmware on devices

  • nixos-unstable 49.0
    • nixpkgs-unstable 49.0
    • nixos-unstable-small 49.0
  • nixos-25.11 49.0
    • nixos-25.11-small 49.0
    • nixpkgs-25.11-darwin 49.0

pkgs.ipw2200-firmware

Firmware for Intel 2200BG cards

  • nixos-unstable 3.1
    • nixpkgs-unstable 3.1
    • nixos-unstable-small 3.1
  • nixos-25.11 3.1
    • nixos-25.11-small 3.1
    • nixpkgs-25.11-darwin 3.1

pkgs.intel2200BGFirmware

Firmware for Intel 2200BG cards

  • nixos-unstable 3.1
    • nixpkgs-unstable 3.1
    • nixos-unstable-small 3.1
  • nixos-25.11 3.1
    • nixos-25.11-small 3.1
    • nixpkgs-25.11-darwin 3.1

pkgs.uefi-firmware-parser

Tool for parsing, extracting, and recreating UEFI firmware volumes

  • nixos-unstable 1.13
    • nixpkgs-unstable 1.13
    • nixos-unstable-small 1.13
  • nixos-25.11 1.12
    • nixos-25.11-small 1.12
    • nixpkgs-25.11-darwin 1.12

pkgs.nitrokey-start-firmware

Firmware for the Nitrokey Start device

  • nixos-unstable 13
    • nixpkgs-unstable 13
    • nixos-unstable-small 13
  • nixos-25.11 13
    • nixos-25.11-small 13
    • nixpkgs-25.11-darwin 13

Package maintainers

Permalink CVE-2026-7413
7.2 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 1 week ago Activity log
  • Created suggestion 1 week ago
Persistent undocumented backdoor access in Yarbo robot

A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.

Affected products

Firmware
  • =<2.3.9

Matching in nixpkgs

pkgs.zd1211fw

Firmware for the ZyDAS ZD1211(b) 802.11a/b/g USB WLAN chip

  • nixos-unstable 1.5
    • nixpkgs-unstable 1.5
    • nixos-unstable-small 1.5
  • nixos-25.11 1.5
    • nixos-25.11-small 1.5
    • nixpkgs-25.11-darwin 1.5

pkgs.gnome-firmware

Tool for installing firmware on devices

  • nixos-unstable 49.0
    • nixpkgs-unstable 49.0
    • nixos-unstable-small 49.0
  • nixos-25.11 49.0
    • nixos-25.11-small 49.0
    • nixpkgs-25.11-darwin 49.0

pkgs.ipw2200-firmware

Firmware for Intel 2200BG cards

  • nixos-unstable 3.1
    • nixpkgs-unstable 3.1
    • nixos-unstable-small 3.1
  • nixos-25.11 3.1
    • nixos-25.11-small 3.1
    • nixpkgs-25.11-darwin 3.1

pkgs.intel2200BGFirmware

Firmware for Intel 2200BG cards

  • nixos-unstable 3.1
    • nixpkgs-unstable 3.1
    • nixos-unstable-small 3.1
  • nixos-25.11 3.1
    • nixos-25.11-small 3.1
    • nixpkgs-25.11-darwin 3.1

pkgs.uefi-firmware-parser

Tool for parsing, extracting, and recreating UEFI firmware volumes

  • nixos-unstable 1.13
    • nixpkgs-unstable 1.13
    • nixos-unstable-small 1.13
  • nixos-25.11 1.12
    • nixos-25.11-small 1.12
    • nixpkgs-25.11-darwin 1.12

pkgs.nitrokey-start-firmware

Firmware for the Nitrokey Start device

  • nixos-unstable 13
    • nixpkgs-unstable 13
    • nixos-unstable-small 13
  • nixos-25.11 13
    • nixos-25.11-small 13
    • nixpkgs-25.11-darwin 13

Package maintainers

Permalink CVE-2025-14876
5.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
Qemu-kvm: unbounded allocation in virtio-crypto

A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process to terminate unexpectedly.

References

Affected products

qemu
  • =<10.2.0
rhcos
qemu-kvm
qemu-kvm-ma
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

Package maintainers

Permalink CVE-2026-0665
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
Qemu-kvm: heap off-by-one in kvm xen physdevop_map_pirq

An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

References

Affected products

qemu
  • =<10.2.0
rhcos
qemu-kvm
qemu-kvm-ma
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

Package maintainers

Permalink CVE-2025-8860
3.3 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
Qemu-kvm: uefi-vars: information disclosure vulnerability in uefi_vars_write callback

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. When the guest later reads from register UEFI_VARS_REG_PIO_BUFFER_TRANSFER, the .read callback `uefi_vars_read` returns leftover metadata or other sensitive process memory from the previously allocated buffer, leading to an information disclosure vulnerability.

References

Affected products

qemu
  • <10.1.0
rhcos
qemu-kvm
qemu-kvm-ma
virt:av/qemu-kvm
virt:8.2/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

Package maintainers

Permalink CVE-2025-11234
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 3 months, 3 weeks ago Activity log
  • Created suggestion 3 months, 3 weeks ago
Qemu-kvm: vnc websocket handshake use-after-free

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.

References

Affected products

qemu
  • <10.1.2
rhcos
  • *
qemu-kvm
  • *
qemu-kvm-ma
virt:av/qemu-kvm
virt:8.2/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

Package maintainers