Nixpkgs Security Tracker

Automatically generated suggestions

CVE-2023-4692
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

Affected products

grub
  • *
grub2
  • *

Matching in nixpkgs

pkgs.grub2_pvgrub_image

PvGrub2 image for booting PV Xen guests

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.grub2_pvhgrub_image

PvGrub2 image for booting PVH Xen guests

  • nixos-unstable -
    • nixpkgs-unstable

CVE-2023-5215
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): ADJACENT_NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Libnbd: nbd server does not return expected block size

A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don't treat the return value of the nbd_get_size() function correctly.

Affected products

libnbd
  • ==1.18.0
  • *
virt:av/libnbd
virt:rhel/libnbd
virt-devel:av/libnbd

Matching in nixpkgs

pkgs.libnbd

Network Block Device client library in userspace

  • nixos-unstable -

CVE-2024-0193
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month, 2 weeks ago by @jopejoe1
Activity log
  • Created automatic suggestion
  • @jopejoe1 removed 106 packages:
    • coq-kernel
    • kernelshark
    • linuxPackages.zfs_2_2
    • linuxPackages.zfs_2_3
    • kernel-hardening-checker
    • linuxPackages.linux-gpib
    • linuxPackages_lqx.zfs_2_3
    • linuxPackages_zen.zfs_2_3
    • python312Packages.kernels
    • python313Packages.kernels
    • linuxPackages.zfs_unstable
    • linuxPackages-libre.zfs_2_2
    • linuxPackages-libre.zfs_2_3
    • python312Packages.ipykernel
    • python313Packages.ipykernel
    • linuxPackages_latest.zfs_2_3
    • linuxPackages_lqx.linux-gpib
    • linuxPackages_xanmod.zfs_2_2
    • linuxPackages_xanmod.zfs_2_3
    • linuxPackages_zen.linux-gpib
    • python312Packages.metakernel
    • python312Packages.nix-kernel
    • python313Packages.metakernel
    • python313Packages.nix-kernel
    • python312Packages.bash-kernel
    • python313Packages.bash-kernel
    • haskellPackages.ipython-kernel
    • linuxPackages-libre.linux-gpib
    • linuxPackages_lqx.zfs_unstable
    • linuxPackages_zen.zfs_unstable
    • rocmPackages.composable_kernel
    • linuxPackages_latest.linux-gpib
    • linuxPackages_xanmod.linux-gpib
    • gnomeExtensions.kernel-indicator
    • linuxPackages-libre.zfs_unstable
    • python312Packages.ansible-kernel
    • python312Packages.spyder-kernels
    • python313Packages.ansible-kernel
    • python313Packages.spyder-kernels
    • rocmPackages_6.composable_kernel
    • linuxPackages_latest.zfs_unstable
    • linuxPackages_xanmod.zfs_unstable
    • linuxPackages_latest-libre.zfs_2_3
    • python312Packages.jupyter-c-kernel
    • python313Packages.jupyter-c-kernel
    • linuxPackages_xanmod_stable.zfs_2_3
    • linuxPackages_latest-libre.linux-gpib
    • linuxKernel.packages.linux_5_4.zfs_2_2
    • linuxKernel.packages.linux_5_4.zfs_2_3
    • linuxKernel.packages.linux_6_1.zfs_2_2
    • linuxKernel.packages.linux_6_1.zfs_2_3
    • linuxKernel.packages.linux_6_6.zfs_2_2
    • linuxKernel.packages.linux_6_6.zfs_2_3
    • linuxKernel.packages.linux_lqx.zfs_2_3
    • linuxKernel.packages.linux_zen.zfs_2_3
    • linuxPackages_xanmod_stable.linux-gpib
    • linuxKernel.packages.linux_5_10.zfs_2_2
    • linuxKernel.packages.linux_5_10.zfs_2_3
    • linuxKernel.packages.linux_5_15.zfs_2_2
    • linuxKernel.packages.linux_5_15.zfs_2_3
    • linuxKernel.packages.linux_6_12.zfs_2_2
    • linuxKernel.packages.linux_6_12.zfs_2_3
    • linuxKernel.packages.linux_6_16.zfs_2_3
    • linuxPackages_latest-libre.zfs_unstable
    • linuxKernel.packages.linux_libre.zfs_2_2
    • linuxKernel.packages.linux_libre.zfs_2_3
    • linuxPackages_xanmod_stable.zfs_unstable
    • home-assistant-component-tests.hardkernel
    • linuxKernel.packages.linux_5_4.linux-gpib
    • linuxKernel.packages.linux_6_1.linux-gpib
    • linuxKernel.packages.linux_6_6.linux-gpib
    • linuxKernel.packages.linux_lqx.linux-gpib
    • linuxKernel.packages.linux_xanmod.zfs_2_2
    • linuxKernel.packages.linux_xanmod.zfs_2_3
    • linuxKernel.packages.linux_zen.linux-gpib
    • linuxKernel.packages.linux_5_10.linux-gpib
    • linuxKernel.packages.linux_5_15.linux-gpib
    • linuxKernel.packages.linux_6_12.linux-gpib
    • linuxKernel.packages.linux_6_16.linux-gpib
    • linuxKernel.packages.linux_5_4.zfs_unstable
    • linuxKernel.packages.linux_6_1.zfs_unstable
    • linuxKernel.packages.linux_6_6.zfs_unstable
    • linuxKernel.packages.linux_hardened.zfs_2_2
    • linuxKernel.packages.linux_hardened.zfs_2_3
    • linuxKernel.packages.linux_libre.linux-gpib
    • linuxKernel.packages.linux_lqx.zfs_unstable
    • linuxKernel.packages.linux_zen.zfs_unstable
    • linuxKernel.packages.linux_5_10.zfs_unstable
    • linuxKernel.packages.linux_5_15.zfs_unstable
    • linuxKernel.packages.linux_6_12.zfs_unstable
    • linuxKernel.packages.linux_6_16.zfs_unstable
    • linuxKernel.packages.linux_xanmod.linux-gpib
    • linuxKernel.packages.linux_libre.zfs_unstable
    • linuxKernel.packages.linux_hardened.linux-gpib
    • linuxKernel.packages.linux_xanmod.zfs_unstable
    • linuxKernel.packages.linux_latest_libre.zfs_2_3
    • linuxKernel.packages.linux_6_12_hardened.zfs_2_2
    • linuxKernel.packages.linux_6_12_hardened.zfs_2_3
    • linuxKernel.packages.linux_hardened.zfs_unstable
    • linuxKernel.packages.linux_xanmod_stable.zfs_2_3
    • linuxKernel.packages.linux_latest_libre.linux-gpib
    • linuxKernel.packages.linux_6_12_hardened.linux-gpib
    • linuxKernel.packages.linux_xanmod_stable.linux-gpib
    • linuxKernel.packages.linux_latest_libre.zfs_unstable
    • linuxKernel.packages.linux_6_12_hardened.zfs_unstable
    • linuxKernel.packages.linux_xanmod_stable.zfs_unstable
Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user to escalate their privileges on the system.

Affected products

kernel
  • *
kernel-rt
  • *
openshift-logging/vector-rhel9
  • *
openshift-logging/fluentd-rhel9
  • *
openshift-logging/eventrouter-rhel9
  • *
openshift-logging/logging-loki-rhel9
  • *
openshift-logging/loki-rhel9-operator
  • *
openshift-logging/opa-openshift-rhel9
  • *
openshift-logging/elasticsearch6-rhel9
  • *
openshift-logging/loki-operator-bundle
  • *
openshift-logging/logging-curator5-rhel9
  • *
openshift-logging/lokistack-gateway-rhel9
  • *
openshift-logging/elasticsearch-proxy-rhel9
  • *
openshift-logging/logging-view-plugin-rhel9
  • *
openshift-logging/elasticsearch-rhel9-operator
  • *
openshift-logging/elasticsearch-operator-bundle
  • *
openshift-logging/cluster-logging-rhel9-operator
  • *
openshift-logging/log-file-metric-exporter-rhel9
  • *
openshift-logging/cluster-logging-operator-bundle
  • *

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

CVE-2023-6377
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

Affected products

tigervnc
  • *
xwayland
  • ==23.2.3
xorg-server
  • ==21.1.10
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

  • nixos-unstable -
CVE-2023-6478
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

Affected products

tigervnc
  • *
xwayland
  • ==23.2.3
xorg-server
  • ==21.1.10
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

  • nixos-unstable -
CVE-2023-6693
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()

A stack-based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.

Affected products

qemu
qemu-kvm
  • *
virt:rhel
  • *
qemu-kvm-ma
virt-devel:rhel
  • *
virt:av/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

  • nixos-unstable -

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

CVE-2023-6918
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months ago
Libssh: missing checks for return values for digests

A flaw was found in libssh, which implements an abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or usage of uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.

Affected products

libssh
  • ==0.10.6
  • ==0.9.8
  • *
libssh2
mingw-libssh2

Matching in nixpkgs

pkgs.libssh

SSH client library

  • nixos-unstable -

pkgs.libssh2

Client-side C library implementing the SSH2 protocol

  • nixos-unstable -

CVE-2023-7192
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Kernel: refcount leak in ctnetlink_create_conntrack()

A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.

Affected products

Kernel
  • ==6.3-rc1
kernel
  • *
kernel-rt
  • *

Matching in nixpkgs

pkgs.linux-doc

Linux kernel html documentation

  • nixos-unstable -

pkgs.coq-kernel

None

  • nixos-unstable -
    • nixpkgs-unstable

pkgs.kernelshark

GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem

  • nixos-unstable -

CVE-2023-5367
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty

An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

Affected products

tigervnc
  • *
xwayland
  • ==23.2.2
xorg-server
  • ==21.1.9
xorg-x11-server
  • *
xorg-x11-server-Xwayland
  • *

Matching in nixpkgs

pkgs.tigervnc

Fork of tightVNC, made in cooperation with VirtualGL

  • nixos-unstable -
CVE-2023-3961
9.1 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months ago
Samba: smbd allows client access to unix domain sockets on the file system as root

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR, LSA, or SPOOLSS, which Samba initiates on demand. However, incoming client pipe names were inadequately sanitized, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.

Affected products

samba
  • *
  • ==4.18.8
  • ==4.17.12
  • ==4.19.1
samba4

Matching in nixpkgs

pkgs.samba4

Standard Windows interoperability suite of programs for Linux and Unix

  • nixos-unstable -

pkgs.sambamba

SAM/BAM processing tool

  • nixos-unstable -

pkgs.sambaFull

Standard Windows interoperability suite of programs for Linux and Unix

  • nixos-unstable -

pkgs.samba4Full

Standard Windows interoperability suite of programs for Linux and Unix

  • nixos-unstable -
