Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: gnomeExtensions.systemd-status

Found 6 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-40226
6.4 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 1 month ago by @LeSuisse Activity log
  • Created suggestion 1 month ago
  • @LeSuisse ignored package udev 1 month ago
In nspawn in systemd 233 through 259 before 260, an …

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

Affected products

systemd
  • <260

Matching in nixpkgs

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4
Ignored packages (1)

pkgs.udev

System and service manager for Linux

Package maintainers

Untriaged
Permalink CVE-2026-40224
6.7 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 1 month ago Activity log
  • Created suggestion 1 month ago
In systemd 259 before 260, there is local privilege escalation …

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.

Affected products

systemd
  • <260

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40228
2.9 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 1 month ago Activity log
  • Created suggestion 1 month ago
In systemd 259, systemd-journald can send ANSI escape sequences to …

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.

Affected products

systemd
  • ==259

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40223
4.7 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 1 month ago Activity log
  • Created suggestion 1 month ago
In systemd 258 before 260, a local unprivileged user can …

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.

Affected products

systemd
  • <260

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-40227
6.2 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 1 month ago Activity log
  • Created suggestion 1 month ago
In systemd 260 before 261, a local unprivileged user can …

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.

Affected products

systemd
  • <261

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

pkgs.systemd

System and service manager for Linux

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4

Package maintainers

Untriaged
Permalink CVE-2026-29111
5.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 1 month, 2 weeks ago Activity log
  • Created suggestion 1 month, 2 weeks ago
systemd: Local unprivileged user can trigger an assert

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.

Affected products

systemd
  • ==>= 259, < 259.2
  • ==>= 239, < 257.11
  • ==>= 258, < 258.5

Matching in nixpkgs

pkgs.udev

System and service manager for Linux

  • nixos-unstable 259
    • nixpkgs-unstable 259
    • nixos-unstable-small 259.3
  • nixos-25.11 258.3
    • nixos-25.11-small 258.3
    • nixpkgs-25.11-darwin 258.3

pkgs.systemd

System and service manager for Linux

  • nixos-unstable 259
    • nixpkgs-unstable 259
    • nixos-unstable-small 259.3
  • nixos-25.11 258.3
    • nixos-25.11-small 258.3
    • nixpkgs-25.11-darwin 258.3

pkgs.systemdLibs

System and service manager for Linux

  • nixos-unstable 259
    • nixpkgs-unstable 259
    • nixos-unstable-small 259.3
  • nixos-25.11 258.3
    • nixos-25.11-small 258.3
    • nixpkgs-25.11-darwin 258.3

pkgs.systemdUkify

System and service manager for Linux

  • nixos-unstable 259
    • nixpkgs-unstable 259
    • nixos-unstable-small 259.3
  • nixos-25.11 258.3
    • nixos-25.11-small 258.3
    • nixpkgs-25.11-darwin 258.3

pkgs.systemd-netlogd

Forwards messages from the journal to other hosts over the network

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

  • nixos-unstable 235
    • nixpkgs-unstable 235
    • nixos-unstable-small 235
  • nixos-25.11 235
    • nixos-25.11-small 235
    • nixpkgs-25.11-darwin 235

pkgs.ocamlPackages.systemd

OCaml module for native access to the systemd facilities

  • nixos-unstable 1.3
    • nixpkgs-unstable 1.3
    • nixos-unstable-small 1.3
  • nixos-25.11 1.3
    • nixos-25.11-small 1.3
    • nixpkgs-25.11-darwin 1.3

pkgs.update-systemd-resolved

Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus

pkgs.python313Packages.systemdunitparser

SystemdUnitParser is an extension to Python's configparser.RawConfigParser to properly parse systemd unit files

  • nixos-unstable 0.4
    • nixpkgs-unstable 0.4
    • nixos-unstable-small 0.4
  • nixos-25.11 0.4
    • nixos-25.11-small 0.4
    • nixpkgs-25.11-darwin 0.4