{"id":"CVE-2023-36476","summary":"`calamares-nixos-extensions` LUKS keyfile exposure","details":"calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. Because `/boot` is unencrypted, anyone able to read that partition can recover the key file. A patch is available and is anticipated to be part of version 0.3.13, to be backported to the NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves.","aliases":["GHSA-3rvf-24q2-24ww"],"modified":"2026-04-02T09:07:47.739871Z","published":"2023-06-29T00:18:42.532Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36476.json","cwe_ids":["CWE-200"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36476.json"},{"type":"ADVISORY","url":"https://github.com/NixOS/calamares-nixos-extensions/security/advisories/GHSA-3rvf-24q2-24ww"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36476"},{"type":"REPORT","url":"https://github.com/osresearch/heads/issues/1348"},{"type":"FIX","url":"https://github.com/vlinkz/calamares-nixos-extensions/commit/837ca4da5521a74d3b5ca6f7b88890a6713faa22"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nixos/calamares-nixos-extensions","events":[{"introduced":"0"},{"fixed":"d06ae23dbd71305e82d41778daa7dbb6ece124dc"}]}],"versions":["0.0.1","0.0.2","0.0.3","0.1.0","0.1.1","0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.3.0","0.3.1","0.3.10","0.3.11","0.3.12","0.3.2","0.3.3","0.3.4","0.3.5","0.3.6","0.3.7","0.3.8","0.3.9"],"database_specific":{"source":"htt
ps://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36476.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/vlinkz/calamares-nixos-extensions","events":[{"introduced":"0"},{"fixed":"837ca4da5521a74d3b5ca6f7b88890a6713faa22"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36476.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"}]}