CVE-2023-33865: 
NixOS vulnerability analysis and mitigation

RenderDoc before version 1.27 contains a local privilege escalation vulnerability (CVE-2023-33865) that allows unprivileged local attackers to obtain the privileges of users running RenderDoc. The vulnerability was discovered in May 2023 and fixed in version 1.27, released on May 19, 2023. The issue affects the graphics debugging tool's handling of the /tmp/RenderDoc directory, where it relies on this directory regardless of ownership (Qualys Advisory, Debian LTS).

The vulnerability stems from RenderDoc's library_loaded() function, which creates or reuses the /tmp/RenderDoc directory without proper ownership verification. When the shared library librenderdoc.so is LD_PRELOADed into an application, it opens and writes to log files in the format /tmp/RenderDoc/RenderDoc_app_YYYY.MM.DD_hh.mm.ss.log in append mode with permissions S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH. The CVSS v3.1 base score for this vulnerability is 7.8 (HIGH), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows local attackers to escalate their privileges to those of any user running RenderDoc. Through symlink manipulation, attackers can write to arbitrary files with the privileges of the RenderDoc user, potentially leading to complete system compromise. The impact is particularly severe in environments where RenderDoc is run by privileged users (Qualys Advisory).

The vulnerability has been fixed in RenderDoc version 1.27. Users are strongly advised to upgrade to this or later versions. The fix was implemented through multiple commits that address the directory handling issues. For systems that cannot be immediately upgraded, there are no known workarounds (Gentoo Security, Debian LTS).