CVE-2024-27297

MEDIUM EPSS 43.6%
Published Mar 11, 20242y ago · Modified Jun 17, 20261w ago
5.9 CVSS 3.1
Medium
Find Similar
Published Mar 11, 2024 2y ago
Last Modified Jun 17, 2026 1w ago

Description

Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Details

Base Score
5.9
Exploitability
2.2
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
43.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-367

Affected Products 4

VendorProductVersionRange
nixosnix* <2.3.18
nixosnix*≥2.4  –  <2.18.2
nixosnix*≥2.19.0  –  <2.19.4
nixosnix*≥2.20.0  –  <2.20.5

References 4

  • github.com https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000
    Patch
  • github.com https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
    Vendor Advisory
  • guix.gnu.org https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerabilities-2025/
  • hackmd.io https://hackmd.io/03UGerewRcy3db44JQoWvw
    Exploit

Remediation

  • github.com https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000
    Patch