CVE-2024-52867: n/a
CVE-2024-52867 is a high-severity privilege escalation vulnerability in guix-daemon of GNU Guix prior to commit 5ab3c4c. The flaw arises because build outputs are accessible by local users before file metadata, such as setuid and setgid bits, are properly set, allowing unauthorized privilege escalation. Exploitation requires local access but no user interaction or prior authentication. The vulnerability affects confidentiality, integrity, and availability, with a CVSS score of 8. 1. Remediation involves applying two specific commits (5ab3c4c and 5582241), followed by reconfiguration and restarting the daemon. No known exploits are currently reported in the wild. Organizations using GNU Guix, especially those running guix-daemon on multi-user systems, are at risk. This vulnerability is particularly relevant in countries with significant GNU Guix adoption in open-source and research environments.
AI Analysis
Technical Summary
CVE-2024-52867 is a vulnerability in the guix-daemon component of GNU Guix, a functional package management tool. The issue stems from the premature accessibility of build outputs to local users before the system properly applies critical file metadata, including setuid and setgid bits. This improper handling allows local users to escalate privileges by exploiting the window where build outputs are exposed without correct permissions. The vulnerability is classified under CWE-276 (Incorrect Default Permissions). The CVSS v3.1 score is 8.1, indicating high severity, with attack vector local (AV:L), attack complexity high (AC:H), no privileges required (PR:N), no user interaction (UI:N), and scope changed (S:C). The impact includes potential full system compromise due to unauthorized privilege escalation, affecting confidentiality, integrity, and availability. The fix requires applying two specific commits (5ab3c4c and 5582241) to the guix-daemon codebase, followed by reconfiguration and restarting the daemon to ensure proper file metadata enforcement. No public exploits have been reported yet, but the vulnerability poses a significant risk in multi-user environments where GNU Guix is deployed.
Potential Impact
The vulnerability allows local attackers to escalate privileges on systems running vulnerable versions of guix-daemon, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, modification or deletion of critical files, and disruption of system availability. Since guix-daemon manages package builds and outputs, exploitation could undermine the integrity of software deployed on affected systems. The scope change in the CVSS vector indicates that the vulnerability affects resources beyond the initially vulnerable component, increasing the risk profile. Organizations relying on GNU Guix in shared or multi-user environments, such as research institutions, open-source development environments, and certain Linux distributions, face elevated risk. The lack of required user interaction and privileges lowers the barrier for exploitation once local access is obtained, emphasizing the need for timely patching.
Mitigation Recommendations
1. Immediately apply the patches corresponding to commits 5ab3c4c and 5582241 to the guix-daemon source code. 2. Reconfigure the guix-daemon service after patching to ensure new configurations take effect. 3. Restart the guix-daemon to apply changes and enforce proper file metadata handling. 4. Restrict local user access to systems running guix-daemon to trusted personnel only, minimizing the risk of local exploitation. 5. Monitor system logs for unusual file permission changes or unauthorized access attempts related to build outputs. 6. Consider isolating guix-daemon processes using containerization or sandboxing techniques to limit the impact of potential exploits. 7. Regularly audit and update GNU Guix installations to incorporate security fixes promptly. 8. Educate system administrators about the importance of applying these patches and monitoring for suspicious activity.
Affected Countries
United States, Germany, France, Netherlands, Canada, United Kingdom, Japan, Australia, Sweden, Switzerland
CVE-2024-52867: n/a
Description
CVE-2024-52867 is a high-severity privilege escalation vulnerability in guix-daemon of GNU Guix prior to commit 5ab3c4c. The flaw arises because build outputs are accessible by local users before file metadata, such as setuid and setgid bits, are properly set, allowing unauthorized privilege escalation. Exploitation requires local access but no user interaction or prior authentication. The vulnerability affects confidentiality, integrity, and availability, with a CVSS score of 8. 1. Remediation involves applying two specific commits (5ab3c4c and 5582241), followed by reconfiguration and restarting the daemon. No known exploits are currently reported in the wild. Organizations using GNU Guix, especially those running guix-daemon on multi-user systems, are at risk. This vulnerability is particularly relevant in countries with significant GNU Guix adoption in open-source and research environments.
AI-Powered Analysis
Technical Analysis
CVE-2024-52867 is a vulnerability in the guix-daemon component of GNU Guix, a functional package management tool. The issue stems from the premature accessibility of build outputs to local users before the system properly applies critical file metadata, including setuid and setgid bits. This improper handling allows local users to escalate privileges by exploiting the window where build outputs are exposed without correct permissions. The vulnerability is classified under CWE-276 (Incorrect Default Permissions). The CVSS v3.1 score is 8.1, indicating high severity, with attack vector local (AV:L), attack complexity high (AC:H), no privileges required (PR:N), no user interaction (UI:N), and scope changed (S:C). The impact includes potential full system compromise due to unauthorized privilege escalation, affecting confidentiality, integrity, and availability. The fix requires applying two specific commits (5ab3c4c and 5582241) to the guix-daemon codebase, followed by reconfiguration and restarting the daemon to ensure proper file metadata enforcement. No public exploits have been reported yet, but the vulnerability poses a significant risk in multi-user environments where GNU Guix is deployed.
Potential Impact
The vulnerability allows local attackers to escalate privileges on systems running vulnerable versions of guix-daemon, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, modification or deletion of critical files, and disruption of system availability. Since guix-daemon manages package builds and outputs, exploitation could undermine the integrity of software deployed on affected systems. The scope change in the CVSS vector indicates that the vulnerability affects resources beyond the initially vulnerable component, increasing the risk profile. Organizations relying on GNU Guix in shared or multi-user environments, such as research institutions, open-source development environments, and certain Linux distributions, face elevated risk. The lack of required user interaction and privileges lowers the barrier for exploitation once local access is obtained, emphasizing the need for timely patching.
Mitigation Recommendations
1. Immediately apply the patches corresponding to commits 5ab3c4c and 5582241 to the guix-daemon source code. 2. Reconfigure the guix-daemon service after patching to ensure new configurations take effect. 3. Restart the guix-daemon to apply changes and enforce proper file metadata handling. 4. Restrict local user access to systems running guix-daemon to trusted personnel only, minimizing the risk of local exploitation. 5. Monitor system logs for unusual file permission changes or unauthorized access attempts related to build outputs. 6. Consider isolating guix-daemon processes using containerization or sandboxing techniques to limit the impact of potential exploits. 7. Regularly audit and update GNU Guix installations to incorporate security fixes promptly. 8. Educate system administrators about the importance of applying these patches and monitoring for suspicious activity.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-11-17T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6bb9b7ef31ef0b55a68b
Added to database: 2/25/2026, 9:38:01 PM
Last enriched: 2/26/2026, 1:39:29 AM
Last updated: 2/26/2026, 9:01:42 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing
UnknownCVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS
UnknownCVE-2026-28132: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in villatheme WooCommerce Photo Reviews
UnknownCVE-2026-28131: Insertion of Sensitive Information Into Sent Data in WPVibes Elementor Addon Elements
UnknownCVE-2026-28083: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in UX-themes Flatsome
UnknownActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.