Nixpkgs Security Tracker

Login with GitHub

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:
Compact
Detailed
Permalink CVE-2023-4135
6.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Out-of-bounds read information disclosure vulnerability

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.

References

Affected products

qemu
qemu-kvm
  • ==8.1.0
qemu-kvm-ma
virt:av/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

  • nixos-unstable -

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

Package maintainers

Permalink CVE-2023-5157
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 3 weeks, 2 days ago by @anthonyroussel Activity log
  • Created automatic suggestion 6 months ago
  • @anthonyroussel removed package mariadb-connector-java 3 weeks, 2 days ago
Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

References

Affected products

galera
  • *
mariadb
  • ==10.8.4
  • ==10.7.5
  • ==10.6.9
  • ==10.5.17
  • ==10.3.36
  • *
  • ==10.4.26
mariadb:10.3
  • *
mariadb:10.5
  • *
mariadb:10.3/galera
mariadb:10.3/mariadb
mariadb:10.5/mariadb
mariadb:10.6/mariadb
mariadb:10.7/mariadb
mariadb:10.8/mariadb
mariadb:10.9/mariadb
rh-mariadb105-galera
  • *
rh-mariadb105-mariadb
  • *

Matching in nixpkgs

pkgs.mariadb_106

Enhanced, drop-in replacement for MySQL

pkgs.mariadb_114

Enhanced, drop-in replacement for MySQL

  • nixos-unstable -

pkgs.mariadb_118

Enhanced, drop-in replacement for MySQL

  • nixos-unstable -

pkgs.libmysqlclient_3_2

Client library that can be used to connect to MySQL or MariaDB

  • nixos-unstable -

pkgs.libmysqlclient_3_3

Client library that can be used to connect to MySQL or MariaDB

  • nixos-unstable -
Ignored packages (1)

pkgs.mariadb-connector-java

MariaDB Connector/J is used to connect applications developed in Java to MariaDB and MySQL databases

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-3773
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months ago
Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.

References

Affected products

kernel
  • *
kernel-rt

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-3640
7.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space

A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.

References

Affected products

kernel
  • *
kernel-rt

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-3347
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 6 months ago
Samba: smb2 packet signing is not enforced when "server signing = required" is set

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.

References

Affected products

samba
  • ==4.17.10
  • *
  • ==4.18.5
samba4

Matching in nixpkgs

pkgs.samba4

Standard Windows interoperability suite of programs for Linux and Unix

  • nixos-unstable -

pkgs.sambamba

SAM/BAM processing tool

  • nixos-unstable -

pkgs.sambaFull

Standard Windows interoperability suite of programs for Linux and Unix

  • nixos-unstable -

pkgs.samba4Full

Standard Windows interoperability suite of programs for Linux and Unix

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-42756
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Kernel: netfilter: race condition between ipset_cmd_add and ipset_cmd_swap

A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.

References

Affected products

kernel
  • ==6.6-rc3
  • *
kernel-rt

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-1386
3.3 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
Suid/sgid bits not dropped on file write

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.

References

Affected products

qemu
qemu-kvm
qemu-kvm-ma
virt:av/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

  • nixos-unstable -

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

Package maintainers

Permalink CVE-2023-32247
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Session setup memory exhaustion denial-of-service vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

References

Affected products

kernel
  • ==6.4-rc1
kernel-rt

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-4004
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.

References

Affected products

kernel
  • ==6.5-rc5
  • *
kernel-rt
  • *
kpatch-patch

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-3748
3.5 LOW
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months ago
Inifinite loop in babld message parsing may cause dos

A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.

References

Affected products

frr
  • ==8.5

Matching in nixpkgs

pkgs.frr

FRR BGP/OSPF/ISIS/RIP/RIPNG routing daemon suite

  • nixos-unstable -

Package maintainers