CVE-2025-8067

Name: CVE-2025-8067
Description: A flaw was found in the udisks daemon, which allows unprivileged users to create loop devices over the D-Bus system bus. Requests go through the loop-device setup handler, which receives, among its parameters, the list of file descriptors passed with the message and an index selecting the descriptor of the file that should back the loop device. The handler checks that the index is not larger than the maximum allowed value, but it does not validate the lower bound, so a negative index is accepted. Under these circumstances a local attacker can crash the udisks daemon or, by reaching a descriptor for a file owned by a privileged user, perform a local privilege escalation.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-4284-1, DSA-5989-1
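The check that the description says is missing, shown as an added illustration in C. This is not udisks code: the fd list, the lookup functions and the backing array are a hypothetical model of a D-Bus method that receives a list of descriptors plus a signed index (the D-Bus handle argument) into that list. The vulnerable lookup rejects only indices past the end of the array; the hardened one also rejects negative values. The array is deliberately embedded in a larger buffer so that reading one element before it is well-defined C and can stand in for daemon-owned memory next to the list.

```c
/*
 * Added illustration (not udisks code): an fd-list lookup that validates
 * only the upper bound of a caller-supplied index, next to the hardened
 * version that rejects negative indices as well.
 *
 * Model: a D-Bus method receives an array of descriptors and a signed
 * 32-bit handle argument that is an index into that array. The index is
 * chosen by the unprivileged caller.
 */
#include <stdio.h>
#include <stdint.h>

/* Hypothetical stand-in for the daemon's per-request fd list. */
struct fd_list {
    int     *fds;   /* descriptors received with this request */
    int32_t  nfd;   /* number of valid entries in fds */
};

#define BAD_INDEX (-1)

/* Vulnerable pattern: only idx >= nfd is rejected, so any idx < 0
 * reads whatever sits before the array. */
int lookup_fd_vulnerable(const struct fd_list *list, int32_t idx)
{
    if (idx >= list->nfd)
        return BAD_INDEX;
    return list->fds[idx];          /* idx == -1 reads fds[-1] */
}

/* Hardened pattern: both bounds are checked before the array is touched. */
int lookup_fd_fixed(const struct fd_list *list, int32_t idx)
{
    if (idx < 0 || idx >= list->nfd)
        return BAD_INDEX;
    return list->fds[idx];
}

/* Constructed sample data: the request's fd array starts at backing[1],
 * so fds[-1] is backing[0], which here plays the role of a descriptor
 * the daemon holds for a privileged file from another code path. */
enum { PRIV_FD = 7, REQ_FD = 42 };
static int backing[2] = { PRIV_FD, REQ_FD };
static const struct fd_list request = { .fds = &backing[1], .nfd = 1 };

int leaked_fd_via_negative_index(void)
{
    return lookup_fd_vulnerable(&request, -1);   /* returns PRIV_FD */
}

int fixed_rejects_negative_index(void)
{
    return lookup_fd_fixed(&request, -1);        /* returns BAD_INDEX */
}

int fixed_accepts_valid_index(void)
{
    return lookup_fd_fixed(&request, 0);         /* returns REQ_FD */
}

int main(void)
{
    printf("vulnerable, idx=-1: fd %d (must not be reachable)\n",
           leaked_fd_via_negative_index());
    printf("fixed, idx=-1: %d (rejected)\n", fixed_rejects_negative_index());
    printf("fixed, idx=0: fd %d\n", fixed_accepts_valid_index());
    return 0;
}
```

In the model a small negative index hands the caller a descriptor it was never given; a large negative one (for example INT32_MIN) reads far outside any mapping and aborts the process. Those are the two outcomes the description lists, crash or access to a privileged file, and which one occurs in the real daemon depends on what the allocator placed before the fd array.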

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release                        Version              Status
udisks2 (PTS)    bullseye                       2.9.2-2+deb11u1      vulnerable
                 bullseye (security)            2.9.2-2+deb11u3      fixed
                 bookworm, bookworm (security)  2.9.4-4+deb12u2      fixed
                 trixie (security), trixie      2.10.1-12.1+deb13u1  fixed
                 forky, sid                     2.10.91-1            fixed

The information below is based on the following data on fixed versions.

Package   Type    Release     Fixed Version        Urgency  Origin      Debian Bugs
udisks2   source  bullseye    2.9.2-2+deb11u3               DLA-4284-1
udisks2   source  bookworm    2.9.4-4+deb12u2               DSA-5989-1
udisks2   source  trixie      2.10.1-12.1+deb13u1           DSA-5989-1
udisks2   source  (unstable)  2.10.90-3.1

Notes

https://www.openwall.com/lists/oss-security/2025/08/28/1
https://github.com/storaged-project/udisks/security/advisories/GHSA-742q-gggc-473g
https://github.com/storaged-project/udisks/commit/280b127124332c6436bc8273ef677f218b435593 (master)
https://github.com/storaged-project/udisks/commit/9ed2186f668c76aeb472de170d62b499d85a1915 (udisks-2.10.2)