CVE-2025-32438
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-32438
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32438.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-32438
- Aliases
-
- GHSA-m7pq-h9p4-8rr4
- Published
- 2025-04-15T20:15:39Z
- Modified
- 2025-04-16T15:20:58.375779Z
- Summary
- [none]
- Details
-
make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;.
- References
Affected packages
Git / github.com/nixos/nixpkgs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nixos/nixpkgs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
0.*
0.1
0.13
0.14
0.2
0.3
0.4
15.*
15.09-beta
16.*
16.09-beta
17.*
17.09-beta
18.*
18.03-beta
18.09-beta
21.*
21.11-pre
22.*
22.05-pre
23.*
23.05-pre
23.11-beta
23.11-pre
24.*
24.05-pre
24.11
24.11-beta
24.11-pre
Other
backups/cve-2010-3856@34170
backups/kernel-config@19023
backups/libpng15@32782
backups/martin@828
backups/master@10848
backups/master@59
backups/modular-python@26697
backups/multiple-outputs-sandbox@34172
backups/multitask-builds@34175
backups/nixos-pkgs@34170
backups/pure-python@34174
backups/stdenv-updates-merge@10849
backups/stdenv-updates2@18273
backups/stdenv-updates2@18282
backups/stdenv-updates@15332
backups/stdenv-updates@19858
backups/stdenv-updates@32824
backups/stdenv-updates@34093
backups/udev-173@28837
backups/usability@34170
backups/x-updates@22736
backups/x-updates@26704
binary
black@2016-05-13
v192
v206
v208
backups/glib-2.*
backups/glib-2.30-take2@33502
backups/kde-4.*
backups/kde-4.7@34170
backups/xorg-7.*
backups/xorg-7.5@18179
branch-off-24.*
branch-off-24.11
last-glibc-2.*
last-glibc-2.13
release-16.*
release-16.03-start