Published
Permalink
CVE-2026-30892
0.0 NONE
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): NONE
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
8 packages
- nym
- crunch
- y-cruncher
- speedcrunch
- ocaml-crunch
- ocamlPackages.crunch
- ocamlPackages_latest.crunch
- vscode-extensions.42crunch.vscode-openapi
- @LeSuisse accepted
- @LeSuisse published on GitHub
Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.
References
- https://github.com/containers/crun/commit/1bd7f42446999b0e76bc3d575392e05c943b0b01 x_refsource_MISC
- https://github.com/containers/crun/releases/tag/1.27 x_refsource_MISC
- https://github.com/containers/crun/security/advisories/GHSA-4vg2-xjqj-7chj x_refsource_CONFIRM
Affected products
crun
- ==>= 1.19, < 1.27
Matching in nixpkgs
Ignored packages (8)
pkgs.nym
Mixnet providing IP-level privacy
-
nixos-unstable 2024.14-crunch-patched
- nixpkgs-unstable 2024.14-crunch-patched
- nixos-unstable-small 2024.14-crunch-patched
-
nixos-25.11 2024.14-crunch-patched
- nixos-25.11-small 2024.14-crunch-patched
- nixpkgs-25.11-darwin 2024.14-crunch-patched
pkgs.crunch
Wordlist generator
pkgs.y-cruncher
Compute Pi and other constants to billions of digits
-
nixos-unstable 0.8.7.9547
- nixpkgs-unstable 0.8.7.9547
- nixos-unstable-small 0.8.7.9547
-
nixos-25.11 0.8.7.9547
- nixos-25.11-small 0.8.7.9547
- nixpkgs-25.11-darwin 0.8.7.9547
pkgs.speedcrunch
Fast power user calculator
-
nixos-unstable 0.12-unstable-2024-12-02
- nixpkgs-unstable 0.12-unstable-2024-12-02
- nixos-unstable-small 0.12-unstable-2024-12-02
-
nixos-25.11 0.12-unstable-2024-12-02
- nixos-25.11-small 0.12-unstable-2024-12-02
- nixpkgs-25.11-darwin 0.12-unstable-2024-12-02
pkgs.ocaml-crunch
Convert a filesystem into a static OCaml module
pkgs.ocamlPackages.crunch
Convert a filesystem into a static OCaml module
pkgs.ocamlPackages_latest.crunch
Convert a filesystem into a static OCaml module
pkgs.vscode-extensions.42crunch.vscode-openapi
Visual Studio Code extension with rich support for the OpenAPI Specification (OAS)
-
nixos-unstable 42Crunch-vscode-openapi-4.40.0
- nixpkgs-unstable 42Crunch-vscode-openapi-4.40.0
- nixos-unstable-small 42Crunch-vscode-openapi-4.40.0
-
nixos-25.11 42Crunch-vscode-openapi-4.40.0
- nixos-25.11-small 42Crunch-vscode-openapi-4.40.0
- nixpkgs-25.11-darwin 42Crunch-vscode-openapi-4.40.0
Package maintainers
-
@saschagrunert Sascha Grunert <mail@saschagrunert.de>
-
@vdemeester Vincent Demeester <vincent@sbr.pm>