Low severity3.6NVD Advisory· Published Jun 28, 2024· Updated Apr 15, 2026
CVE-2024-38531
CVE-2024-38531
Description
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4.
Patches
620ac7811904dhttps://github.com/NixOS/nixvia osv
f5b7733e55bchttps://github.com/NixOS/nixvia osv
30fe48b8861dhttps://github.com/NixOS/nixvia osv
2b15b0b9b0ffhttps://github.com/NixOS/nixvia osv
aab22e30b18ehttps://github.com/NixOS/nixvia osv
1ee7a9b84f27https://github.com/NixOS/nixvia osv
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.