CVE-2023-36476

Name of the Vulnerable Software and Affected Versions calamares-nixos-extensions versions 0.3.12 and prior

Description The issue affects users of calamares-nixos-extensions who installed NixOS through the graphical calamares installer with an unencrypted /boot, on either non-UEFI systems or with a LUKS partition different from /. In these cases, the LUKS key file is stored in /boot as a plaintext CPIO archive attached to the NixOS initrd. A patch is anticipated to be part of version 0.3.13.

Recommendations For versions 0.3.12 and prior, expert users can re-encrypt the LUKS partition(s) themselves as a workaround. Update to version 0.3.13 or later when available to apply the patch.