Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local privilege escalation in make-initrd-ng
Vulnerability Description
make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
创建拥有不安全权限的临时文件
Vulnerability Title
Nixpkgs 安全漏洞
Vulnerability Description
Nixpkgs是NixOS开源的一个 100000 多个软件包的集合。可以使用 Nix 包管理器安装。 Nixpkgs存在安全漏洞,该漏洞源于本地用户可以在关机时执行root权限的程序。
CVSS Information
N/A
Vulnerability Type
N/A