Critical security vulnerabilities (buffer overflows) have been discovered in the Nix and Lix package manager daemons, allowing local attackers to execute arbitrary code as root in multi-user installations. Exploitation requires access to the daemon and ASLR-weakening techniques. Patches have been released for multiple versions of both Nix and Lix, and NixOS provides updated packages.
Background
Nix and Lix are popular package managers used in NixOS and other Linux distributions, with the daemon typically running with root privileges. Buffer overflow vulnerabilities in such privileged components can lead to complete system compromise.
- Source: Lobsters
- Published: May 5, 2026 at 04:17 AM
- Score: 9.0 / 10