CVE-2024-38531

Publication date 28 June 2024

Last updated 24 July 2024


Ubuntu priority

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4.

Status

Package Ubuntu Release Status
nix 24.10 oracular
Needs evaluation
24.04 LTS noble
Needs evaluation
23.10 mantic Ignored end of life, was needs-triage
22.04 LTS jammy
Needs evaluation
20.04 LTS focal Not in release