A critical privilege escalation vulnerability in the Nix package manager allows local users to overwrite sensitive files and gain root privileges.

This is a flaw in the handling of symlinks during fixed-output derivation registration. A local, authenticated attacker can craft a build that follows a symlink to overwrite arbitrary files, including those owned by the root-privileged Nix daemon.

With a CVSS score of 9.0, this vulnerability poses a severe threat to any multi-user Linux environment using Nix. An attacker can achieve complete system compromise by overwriting system binaries or configuration files, leading to unauthorized root-level access and total control over the host.

Immediate Action: Upgrade the Nix package manager to the specified patched versions (e.g., 2.34.5 or the relevant maintenance release) immediately.

Proactive Monitoring: Review system logs for unauthorized modifications to critical system files or unusual build processes initiated by non-privileged users.

Compensating Controls: Restrict access to the Nix daemon to only trusted users if an immediate upgrade is not feasible.

Public Exploit Available: Unknown

This vulnerability is critical for multi-user Linux systems. Administrators must prioritize updating the Nix daemon to prevent local privilege escalation, as the current flaw provides a direct path for any user with build access to gain full administrative control.