{"id":"CVE-2024-38531","summary":"Nix sandbox escape","details":"Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4.","aliases":["GHSA-q82p-44mg-mgh5"],"modified":"2026-04-02T12:17:15.223635Z","published":"2024-06-28T13:18:58.604Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38531.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-278"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/38xxx/CVE-2024-38531.json"},{"type":"ADVISORY","url":"https://github.com/NixOS/nix/security/advisories/GHSA-q82p-44mg-mgh5"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38531"},{"type":"FIX","url":"https://github.com/NixOS/nix/pull/10501"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nixos/nix","events":[{"introduced":"ba36959311e09bd798f7029c41e108d9d77c9ac0"},{"fixed":"20ac7811904d5ee00d1d16ed811544c9d3297e15"}],"database_specific":{"versions":[{"introduced":"2.23.0"},{"fixed":"2.23.1"}]}},{"type":"GIT","repo":"https://github.com/nixos/nix","events":[{"introduced":"5fd799cfa70d22a625bc706a599b6244f654718d"},{"fixed":"f5b7733e55bcf8df30a56660a8267978c02f3e0e"}],"database_specific":{"versions":[{"introduced":"2.22.0"},{"fixed":"2.22.2"}]}},{"type":"GIT","repo":"https://github.com/nixos/nix","events":[{"introduced":"34807c8906a61219ec2e9132c9cf0bd4d29e1d12"},{"fixed":"30fe48b8861d126d7a659b2554b848a36b3d62d4"}],"database_specific":{"versions":[{"introduced":"2.21.0"},{"fixed":"2.21.3"}]}},{"type":"GIT","repo":"https://github.com/nixos/nix","events":[{"introduced":"16e1ff3bcb5e785cce6bff8d0745e2a73fbd99de"},{"fixed":"2b15b0b9b0ff601f0eeb75f1efe707a09e05f828"}],"database_specific":{"versions":[{"introduced":"2.20.0"},{"fixed":"2.20.7"}]}},{"type":"GIT","repo":"https://github.com/nixos/nix","events":[{"introduced":"5b99c823ef95ba5c642ae105815d5acd4f093aa3"},{"fixed":"aab22e30b18ee9a6ebf4e51bbc216426e51a7041"}],"database_specific":{"versions":[{"introduced":"2.19.0"},{"fixed":"2.19.5"}]}},{"type":"GIT","repo":"https://github.com/nixos/nix","events":[{"introduced":"44fb1192185cdd03343da7faa08a1c605f773419"},{"fixed":"1ee7a9b84f273982906bdc99583d6bb93f67c189"}],"database_specific":{"versions":[{"introduced":"2.18.0"},{"fixed":"2.18.4"}]}}],"versions":["2.18.0","2.18.1","2.18.2","2.18.3","2.19.0","2.19.1","2.19.2","2.19.3","2.19.4","2.20.0","2.20.1","2.20.2","2.20.3","2.20.4","2.20.5","2.20.6","2.21.0","2.21.1","2.21.2","2.22.0","2.22.1","2.23.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38531.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L"}]}