CVSS Score of 10 (low)


Published Jun 29, 2023
Updated: Jul 7, 2023
CWE ID 522
CWE ID 200


CVE-2023-36476 is a vulnerability in calamares-nixos-extensions version 0.3.12 and earlier. It affects users who installed NixOS through the graphical calamares installer with an unencrypted `/boot` on non-UEFI systems or with a LUKS partition different from `/`. On affected installations, the LUKS key file is exposed in `/boot` as a plaintext CPIO archive attached to the NixOS initrd. A patch is available and is expected to be included in version 0.3.13, for backport to the NixOS 22.11, 23.05, and unstable channels. As a workaround, expert users who have a copy of their data can re-encrypt the LUKS partition(s) themselves. The vulnerability has a CVSS score of 5.5 (Medium) according to NVD and 7.9 (High) according to [email protected], with a high potential confidentiality impact and a low integrity impact.
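A defender-side check for the exposure described above, as an added example that is not from the advisory or the calamares-nixos-extensions project: it walks an initrd image and lists the members of any uncompressed cpio archive inside it. It assumes the "newc" cpio variant (the page only says CPIO); the function names, the name pattern and the sample archive are constructed for illustration.

```python
import re, sys

MAGIC = b"070701"                            # cpio "newc" magic
HDR_LEN = 110                                # magic + 13 eight-digit hex fields
HEX_FIELDS = re.compile(rb"[0-9A-Fa-f]{104}")

def _pad4(n):
    return (n + 3) & ~3                      # newc pads names and data to 4 bytes

def plaintext_cpio_members(blob):
    """(offset, name, size) of each member of each uncompressed newc archive in blob."""
    members, pos = [], blob.find(MAGIC)
    base = pos                               # padding is relative to the archive start
    while pos != -1:
        m = HEX_FIELDS.match(blob, pos + len(MAGIC))
        filesize, namesize = (int(m.group()[48:56], 16), int(m.group()[88:96], 16)) if m else (0, 0)
        name_end = pos + HDR_LEN + namesize
        if namesize == 0 or name_end + filesize > len(blob):
            pos = base = blob.find(MAGIC, pos + 1)    # chance match, e.g. in compressed data
            continue
        name = blob[pos + HDR_LEN:name_end - 1].decode("utf-8", "replace")
        data = base + _pad4(name_end - base)
        nxt = base + _pad4(data + filesize - base)
        if name != "TRAILER!!!":
            members.append((pos, name, filesize))
        same = name != "TRAILER!!!" and blob.startswith(MAGIC, nxt)
        pos = nxt if same else blob.find(MAGIC, nxt)  # next member, or next archive
        base = base if same else pos
    return members

def key_like(members, pattern=r"key|luks|crypt"):
    """Member names worth a manual look; the default pattern is an assumption."""
    return [n for _, n, _ in members if re.search(pattern, n, re.I)]

def build_newc(entries):
    """Constructed sample input: pack {name: bytes} into a newc archive."""
    out = b""
    for name, data in [*entries.items(), ("TRAILER!!!", b"")]:
        n = name.encode() + b"\0"
        fields = (0, 0o100600, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0)
        out += MAGIC + b"".join(b"%08X" % v for v in fields) + n
        out += b"\0" * (-len(out) % 4) + data
        out += b"\0" * (-len(out) % 4)
    return out

if __name__ == "__main__":
    sample = b"\x1f\x8b\x08\x00" + b"\xaa" * 37 + build_newc({"secrets/luks.key": b"K" * 32})
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample
    for off, name, size in plaintext_cpio_members(blob):
        print(f"{off:#010x} {size:>8} {name}")
```

Run it against a copy of the initrd file from `/boot`; any member it prints is readable by anyone who can read that file, without the LUKS passphrase.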
