NIXPKGS-2025-0001
published on 29 Oct 2025
Permalink
CVE-2025-8067
8.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): HIGH
by @balsoft Activity log
- Created automatic suggestion
- @balsoft added maintainer @balsoft
- @balsoft accepted
- @balsoft published on GitHub
Udisks: out-of-bounds read in udisks daemon
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.
References
- https://access.redhat.com/security/cve/CVE-2025-8067 x_refsource_REDHAT vdb-entry
- RHBZ#2388623 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-8067 x_refsource_REDHAT vdb-entry
- RHBZ#2388623 issue-tracking x_refsource_REDHAT
- RHSA-2025:15017 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15018 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15020 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15017 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15018 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15020 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15956 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16021 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-8067 x_refsource_REDHAT vdb-entry
- RHBZ#2388623 issue-tracking x_refsource_REDHAT
- RHSA-2025:15956 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16021 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16090 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16106 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16121 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16122 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-8067 x_refsource_REDHAT vdb-entry
- RHBZ#2388623 issue-tracking x_refsource_REDHAT
- RHSA-2025:15017 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15018 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15020 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16122 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16125 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16130 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-8067 x_refsource_REDHAT vdb-entry
- RHBZ#2388623 issue-tracking x_refsource_REDHAT
- RHSA-2025:15017 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15018 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15020 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15956 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16021 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16090 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16106 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16121 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15017 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15018 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15020 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15956 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16021 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16090 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16106 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16121 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16122 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16125 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16130 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-8067 x_refsource_REDHAT vdb-entry
- RHBZ#2388623 issue-tracking x_refsource_REDHAT
- RHSA-2025:15017 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15018 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15020 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15956 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16021 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16090 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16106 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16121 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16122 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16125 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16130 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-8067 x_refsource_REDHAT vdb-entry
- RHBZ#2388623 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/08/msg00023.html
- RHSA-2025:15017 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15018 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15020 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15956 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16021 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16090 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16106 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16121 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16122 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16125 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16130 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-8067 x_refsource_REDHAT vdb-entry
- RHBZ#2388623 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/08/msg00023.html
- http://www.openwall.com/lists/oss-security/2025/08/28/1
- RHSA-2025:15017 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15018 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15020 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15956 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16021 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16090 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16106 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16121 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16122 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16125 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16130 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-8067 x_refsource_REDHAT vdb-entry
- RHBZ#2388623 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/08/msg00023.html
- http://www.openwall.com/lists/oss-security/2025/08/28/1
- RHSA-2025:15017 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15018 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15020 vendor-advisory x_refsource_REDHAT
- RHSA-2025:15956 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16021 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16090 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16106 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16121 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16122 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16125 vendor-advisory x_refsource_REDHAT
- RHSA-2025:16130 vendor-advisory x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-8067 x_refsource_REDHAT vdb-entry
- RHBZ#2388623 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/08/msg00023.html
- http://www.openwall.com/lists/oss-security/2025/08/28/1
Affected products
udisks
udisks2
- <2.10.91
- <2.10.2
- *
Package maintainers
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@JohnAZoidberg Daniel Schäfer <git@danielschaefer.me>
Additional maintainers
-
@balsoft Alexander Bantyev <balsoft75@gmail.com>