Nixpkgs security tracker

Published

Permalink CVE-2026-30892

0.0 NONE

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 2 months, 4 weeks ago by @LeSuisse Activity log

Created suggestion 2 months, 4 weeks ago
@LeSuisse ignored
8 packages
- nym
- crunch
- y-cruncher
- speedcrunch
- ocaml-crunch
- ocamlPackages.crunch
- ocamlPackages_latest.crunch
- vscode-extensions.42crunch.vscode-openapi
2 months, 4 weeks ago
@LeSuisse accepted 2 months, 4 weeks ago
@LeSuisse published on GitHub 2 months, 4 weeks ago

Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.

References

https://github.com/containers/crun/security/advisories/GHSA-4vg2-xjqj-7chj x_refsource_CONFIRM
https://github.com/containers/crun/commit/1bd7f42446999b0e76bc3d575392e05c943b0b01 x_refsource_MISC
https://github.com/containers/crun/releases/tag/1.27 x_refsource_MISC

Affected products

crun

==>= 1.19, < 1.27

Matching in nixpkgs

pkgs.crun

Fast and lightweight fully featured OCI runtime and C library for running containers

nixos-unstable 1.26
- nixpkgs-unstable 1.26
- nixos-unstable-small 1.26

Ignored packages (8)

pkgs.nym

Mixnet providing IP-level privacy

nixos-unstable 2024.14-crunch-patched
- nixpkgs-unstable 2024.14-crunch-patched
- nixos-unstable-small 2024.14-crunch-patched

pkgs.crunch

Wordlist generator

nixos-unstable 3.6
- nixpkgs-unstable 3.6
- nixos-unstable-small 3.6

pkgs.y-cruncher

Compute Pi and other constants to billions of digits

nixos-unstable 0.8.7.9547
- nixpkgs-unstable 0.8.7.9547
- nixos-unstable-small 0.8.7.9547

pkgs.speedcrunch

High-precision scientific calculator

nixos-unstable 0.12-unstable-2024-12-02
- nixpkgs-unstable 0.12-unstable-2024-12-02
- nixos-unstable-small 0.12-unstable-2024-12-02

pkgs.ocaml-crunch

Convert a filesystem into a static OCaml module

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.ocamlPackages.crunch

Convert a filesystem into a static OCaml module

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.ocamlPackages_latest.crunch

Convert a filesystem into a static OCaml module

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.vscode-extensions.42crunch.vscode-openapi

Visual Studio Code extension with rich support for the OpenAPI Specification (OAS)

nixos-unstable 42Crunch-vscode-openapi-4.40.0
- nixpkgs-unstable 42Crunch-vscode-openapi-4.40.0
- nixos-unstable-small 42Crunch-vscode-openapi-4.40.0

Package maintainers

@vdemeester Vincent Demeester <vincent@sbr.pm>
@saschagrunert Sascha Grunert <mail@saschagrunert.de>

Upstream advisory: https://github.com/containers/crun/security/advisories/GHSA-4vg2-xjqj-7chj
Upstream patch: https://github.com/containers/crun/commit/1bd7f42446999b0e76bc3d575392e05c943b0b01

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.crun

pkgs.nym

pkgs.crunch

pkgs.y-cruncher

pkgs.speedcrunch

pkgs.ocaml-crunch

pkgs.ocamlPackages.crunch

pkgs.ocamlPackages_latest.crunch

pkgs.vscode-extensions.42crunch.vscode-openapi

Package maintainers