CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
33.5%
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy BIOS rather than UEFI; some disk partitions are encrypted; but the partitions containing either /
or /boot
are unencrypted; have their LUKS disk encryption key file in plain text either in /crypto_keyfile.bin
, or in a CPIO archive attached to their NixOS initrd. nixos-install
is not affected, nor are UEFI installations, nor was the default automatic partitioning configuration on legacy BIOS systems. The problem has been fixed in calamares-nixos-extensions 0.3.17, which was included in NixOS. The current installer images for the NixOS 24.05 and unstable (24.11) channels are unaffected. The fix reached 24.05 at 2024-08-13 20:06:59 UTC, and unstable at 2024-08-15 09:00:20 UTC. Installer images downloaded before those times may be vulnerable. The best solution for affected users is probably to back up their data and do a complete reinstallation. However, the mitigation procedure in GHSA-3rvf-24q2-24ww should work solely for the case where /
is encrypted but /boot
is not. If /
is unencrypted, then the /crypto_keyfile.bin
file will need to be deleted in addition to the remediation steps in the previous advisory. This issue is a partial regression of CVE-2023-36476 / GHSA-3rvf-24q2-24ww, which was more severe as it applied to the default configuration on BIOS systems.
Vendor | Product | Version | CPE |
---|---|---|---|
nixos | calamares_nixos_extensions | * | cpe:2.3:a:nixos:calamares_nixos_extensions:*:*:*:*:*:*:*:* |
[
{
"vendor": "NixOS",
"product": "calamares-nixos-extensions",
"versions": [
{
"version": "< 0.3.17",
"status": "affected"
}
]
}
]