VYPR
Low severity3.6OSV Advisory· Published Jun 28, 2024· Updated Apr 15, 2026

CVE-2024-38531

CVE-2024-38531

Description

Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nixos/NixOSV2 versions
    2.18.0, 2.18.1, 2.18.2, …+ 1 more
    • (no CPE)range: 2.18.0, 2.18.1, 2.18.2, …
    • (no CPE)range: <2.18.4, >=2.19.0 <2.19.5, >=2.20.0 <2.20.7, >=2.21.0 <2.21.3, >=2.22.0 <2.22.2, >=2.23.0 <2.23.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.