CVE-2025-8067

28.08.2025, 15:16

A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.5 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
redhat	CNA	8.5 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Debian Releases

Debian Product

Codename

udisks2

bullseye	vulnerable
bullseye (security)	2.9.2-2+deb11u3 fixed
bookworm	vulnerable
bookworm (security)	2.9.4-4+deb12u2 fixed
trixie	vulnerable
trixie (security)	2.10.1-12.1+deb13u1 fixed
forky	vulnerable
sid	2.10.90-3.1 fixed

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[GERMAN] Linux UDisks Daemon: Schwachstelle ermöglicht Privilegieneskalation
Ein lokaler Angreifer kann eine Schwachstelle im Linux UDisks Daemon ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service herbeizuführen.
Published: 2025-08-28T22:00:00+00:00

References

https://access.redhat.com/security/cve/CVE-2025-8067

https://bugzilla.redhat.com/show_bug.cgi?id=2388623