CVE-2023-33276

Summary

CVE-2023-36476 affects calamares-nixos-extensions, a package used in the graphical installer for NixOS. Versions prior to 0.3.13 allow the LUKS key file to be exposed as a plaintext CPIO archive in the `/boot` directory. This vulnerability only affects users with unencrypted `/boot` directories on non-UEFI systems or those with a LUKS partition different from `/`. A patch is expected in version 0.3.13, with backports anticipated for NixOS 22.11, 23.05, and unstable channels. As a workaround, expert users can re-encrypt their LUKS partitions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.