Nixpkgs Security Tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

to queue a suggestion for refinement.

to remove a suggestion from the queue.

CVE-2024-6409
7.0 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
created 6 months, 3 weeks ago
Openssh: possible remote code execution due to a race condition in signal handling affecting red hat enterprise linux 9

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

Affected products

rhcos
  • *
OpenSSH
openssh
  • *

Matching in nixpkgs

pkgs.openssh_hpn

Implementation of the SSH protocol with high performance networking patches

pkgs.openssh_gssapi

Implementation of the SSH protocol with GSSAPI support

pkgs.opensshWithKerberos

Implementation of the SSH protocol

pkgs.openssh_hpnWithKerberos

Implementation of the SSH protocol with high performance networking patches

pkgs.lxqt.lxqt-openssh-askpass

GUI to query passwords on behalf of SSH agents

pkgs.perl538Packages.NetOpenSSH

Perl SSH client package implemented on top of OpenSSH

pkgs.perl540Packages.NetOpenSSH

Perl SSH client package implemented on top of OpenSSH

pkgs.perl540Packages.NetOpenSSH.x86_64-linux

Perl SSH client package implemented on top of OpenSSH

pkgs.perl540Packages.NetOpenSSH.aarch64-linux

Perl SSH client package implemented on top of OpenSSH

pkgs.perl540Packages.NetOpenSSH.x86_64-darwin

Perl SSH client package implemented on top of OpenSSH

pkgs.perl540Packages.NetOpenSSH.aarch64-darwin

Perl SSH client package implemented on top of OpenSSH

Package maintainers: 6

CVE-2024-6505
6.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 3 weeks ago
Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss

A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.

Affected products

qemu
  • <9.1.0
qemu-kvm
qemu-kvm-ma
virt:av/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

pkgs.qemu.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

pkgs.python311Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-user.x86_64-linux

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu-user.aarch64-linux

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu-utils.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_full.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_full.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_full.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu-python-utils.x86_64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-python-utils.aarch64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-python-utils.x86_64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-python-utils.aarch64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.x86_64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.aarch64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.x86_64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.aarch64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

Package maintainers: 10

CVE-2025-2559
4.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 3 weeks ago
Org.keycloak/keycloak-services: jwt token cache exhaustion leading to denial of service (dos) in keycloak

A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.

Affected products

keycloak
  • <26.0.11
  • <26.1.5
keycloak-services
rhbk/keycloak-rhel9
  • *
keycloak-rhel9-container
  • *
rhbk/keycloak-rhel9-operator
  • *
rhbk/keycloak-operator-bundle
  • *
keycloak-rhel9-operator-container
  • *
keycloak-rhel9-operator-bundle-container
  • *

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

pkgs.python311Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-linux

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.x86_64-darwin

Provides access to the Keycloak API

pkgs.python312Packages.python-keycloak.aarch64-darwin

Provides access to the Keycloak API

Package maintainers: 3

CVE-2024-7383
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 6 months, 3 weeks ago
Libnbd: nbd server improper certificate validation

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

Affected products

libnbd
  • *
  • <1.18.5
  • <1.20.2
virt:rhel
  • *
virt:av/libnbd
virt-devel:rhel
  • *
virt:rhel/libnbd

Matching in nixpkgs

pkgs.libnbd.x86_64-linux

Network Block Device client library in userspace

pkgs.libnbd.aarch64-linux

Network Block Device client library in userspace

pkgs.python311Packages.libnbd

Network Block Device client library in userspace

pkgs.python312Packages.libnbd

Network Block Device client library in userspace

pkgs.python313Packages.libnbd

Network Block Device client library in userspace

pkgs.python312Packages.libnbd.x86_64-linux

Network Block Device client library in userspace

pkgs.python312Packages.libnbd.aarch64-linux

Network Block Device client library in userspace

Package maintainers: 1

CVE-2024-8235
6.2 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 3 weeks ago
Libvirt: crash of virtinterfaced via virconnectlistinterfaces()

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.

Affected products

libvirt
  • *
  • <10.7.0
virt:av/libvirt
virt:rhel/libvirt

Matching in nixpkgs

pkgs.libvirt

Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes

pkgs.libvirt-glib

Library for working with virtual machines

pkgs.libvirt.x86_64-linux

Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes

pkgs.libvirt.aarch64-linux

Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes

pkgs.libvirt.x86_64-darwin

Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes

pkgs.libvirt.aarch64-darwin

Toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes

pkgs.libvirt-glib.x86_64-linux

Library for working with virtual machines

pkgs.python313Packages.libvirt

libvirt Python bindings

pkgs.rubyPackages.ruby-libvirt

pkgs.libvirt-glib.aarch64-linux

Library for working with virtual machines

pkgs.libvirt-glib.x86_64-darwin

Library for working with virtual machines

pkgs.libvirt-glib.aarch64-darwin

Library for working with virtual machines

pkgs.prometheus-libvirt-exporter

Prometheus metrics exporter for libvirt

pkgs.python312Packages.libvirt.x86_64-linux

libvirt Python bindings

pkgs.python312Packages.libvirt.aarch64-linux

libvirt Python bindings

pkgs.python312Packages.libvirt.x86_64-darwin

libvirt Python bindings

pkgs.python312Packages.libvirt.aarch64-darwin

libvirt Python bindings

pkgs.rubyPackages_3_1.ruby-libvirt.x86_64-linux

pkgs.rubyPackages_3_2.ruby-libvirt.x86_64-linux

pkgs.rubyPackages_3_3.ruby-libvirt.x86_64-linux

pkgs.rubyPackages_3_4.ruby-libvirt.x86_64-linux

pkgs.rubyPackages_3_1.ruby-libvirt.aarch64-linux

pkgs.rubyPackages_3_1.ruby-libvirt.x86_64-darwin

pkgs.rubyPackages_3_2.ruby-libvirt.aarch64-linux

pkgs.rubyPackages_3_2.ruby-libvirt.x86_64-darwin

pkgs.rubyPackages_3_3.ruby-libvirt.aarch64-linux

pkgs.rubyPackages_3_3.ruby-libvirt.x86_64-darwin

pkgs.rubyPackages_3_4.ruby-libvirt.aarch64-linux

pkgs.rubyPackages_3_4.ruby-libvirt.x86_64-darwin

pkgs.rubyPackages_3_1.ruby-libvirt.aarch64-darwin

pkgs.rubyPackages_3_2.ruby-libvirt.aarch64-darwin

pkgs.rubyPackages_3_3.ruby-libvirt.aarch64-darwin

pkgs.rubyPackages_3_4.ruby-libvirt.aarch64-darwin

Package maintainers: 4

CVE-2025-4969
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months, 3 weeks ago
Libsoup: off-by-one out-of-bounds read in find_boundary() in soup-multipart.c

A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read).

Affected products

libsoup
  • =<3.6.5
libsoup3

Matching in nixpkgs

pkgs.libsoup_3.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-linux

HTTP client/server library for GNOME

pkgs.libsoup_3.aarch64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-linux

HTTP client/server library for GNOME

pkgs.libsoup_2_4.x86_64-darwin

HTTP client/server library for GNOME

pkgs.libsoup_2_4.aarch64-darwin

HTTP client/server library for GNOME

pkgs.tests.pkg-config.defaultPkgConfigPackages."libsoup-gnome-2.4"

Test whether libsoup-2.74.3 exposes pkg-config modules libsoup-gnome-2.4

Package maintainers: 6

CVE-2024-8354
5.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 3 weeks ago
Qemu-kvm: usb: assertion failure in usb_ep_get()

A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.

Affected products

qemu
qemu-kvm
qemu-kvm-ma
virt:av/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

pkgs.qemu.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

pkgs.python311Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-user.x86_64-linux

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu-user.aarch64-linux

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu-utils.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_full.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_full.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_full.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu-python-utils.x86_64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-python-utils.aarch64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-python-utils.x86_64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-python-utils.aarch64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.x86_64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.aarch64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.x86_64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.aarch64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

Package maintainers: 10

CVE-2024-7409
created 6 months, 3 weeks ago
Qemu: denial of service via improper synchronization in qemu nbd server during socket closure

A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.

Affected products

qemu
  • ==9.0.0
  • ==8.2.0
  • ==7.2.0
rhcos
  • *
qemu-kvm
  • *
virt:rhel
  • *
qemu-kvm-ma
virt-devel:rhel
  • *
virt:av/qemu-kvm
virt:8.2/qemu-kvm
virt:rhel/qemu-kvm
virt-devel:av/qemu-kvm
virt-devel:8.2/qemu-kvm
virt-devel:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

pkgs.qemu.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

pkgs.python311Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-user.x86_64-linux

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu-user.aarch64-linux

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu-utils.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_full.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_full.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_full.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu-python-utils.x86_64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-python-utils.aarch64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-python-utils.x86_64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-python-utils.aarch64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.x86_64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.aarch64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.x86_64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.aarch64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

Package maintainers: 10

CVE-2024-4467
7.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 6 months, 3 weeks ago
Qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.

Affected products

qemu
  • <9.1.0
virt:av
  • *
qemu-kvm
  • *
virt:8.2
  • *
virt:rhel
  • *
qemu-kvm-ma
virt-devel:av
  • *
virt-devel:rhel
  • *
virt:av/qemu-kvm
virt:rhel/qemu-kvm
container-native-virtualization/virt-cdi-operator-rhel9

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

pkgs.qemu.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_xen.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.armTrustedFirmwareQemu

Reference implementation of secure world software for ARMv8-A

pkgs.python311Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python313Packages.qemu

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-user.x86_64-linux

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu_full.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu-user.aarch64-linux

QEMU User space emulator - launch executables compiled for one CPU on another CPU

pkgs.qemu-utils.x86_64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_full.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_full.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_kvm.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils.aarch64-linux

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils.x86_64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_full.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu_test.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu-utils.aarch64-darwin

Generic and open source machine emulator and virtualizer

pkgs.qemu-python-utils.x86_64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-python-utils.aarch64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-python-utils.x86_64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.qemu-python-utils.aarch64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.x86_64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.aarch64-linux

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.x86_64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

pkgs.python312Packages.qemu.aarch64-darwin

Python tooling used by the QEMU project to build, configure, and test QEMU

Package maintainers: 10

CVE-2024-28834
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months, 3 weeks ago
Gnutls: vulnerable to minerva side-channel information leak

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

Affected products

gnutls
  • *
  • ==3.7.6-23

Matching in nixpkgs

pkgs.python312Packages.python3-gnutls.x86_64-linux

Python wrapper for the GnuTLS library

pkgs.python312Packages.python3-gnutls.aarch64-linux

Python wrapper for the GnuTLS library

pkgs.python312Packages.python3-gnutls.x86_64-darwin

Python wrapper for the GnuTLS library

pkgs.python312Packages.python3-gnutls.aarch64-darwin

Python wrapper for the GnuTLS library

Package maintainers: 3