Red Hat has disclosed a critical security flaw in the Udisks daemon that allows unprivileged users to exploit an out-of-bounds read vulnerability and gain access to files owned by privileged accounts.
The vulnerability, tracked as CVE-2025-8067, was publicly released on August 28, 2025, and has been classified with an Important severity rating by Red Hat Product Security.
Under normal operation, the Udisks daemon provides a D-BUS interface for managing storage devices, including the creation and removal of loop devices.
However, the loop device handler fails to properly validate the lower bound of the file index parameter supplied by clients.
While the handler ensures the index is not greater than the maximum allowed, it overlooks negative values.
An attacker can exploit this oversight by supplying a negative index, causing the daemon to read memory outside the bounds of the file descriptor list.
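The following is an added, simplified C model of the bug class the advisory describes; it is not udisks' own code. A client-supplied signed index is checked only against the upper bound of a file-descriptor list, so a negative value passes and would index memory before the array. The hardened variant rejects both negative and too-large values. The fd list, the `MAX_FDS` limit and the function names are constructed for illustration; the vulnerable check only reports its decision and never performs the out-of-bounds access itself.

```c
#include <stdio.h>
#include <stdbool.h>
#include <stddef.h>

/* Illustrative model (not udisks' own code): the daemon holds a small list of
 * file descriptors received from a client and the client names one by index. */
#define MAX_FDS 4

/* Constructed sample fd list; the values are arbitrary placeholders. */
static const int sample_fds[MAX_FDS] = { 10, 11, 12, 13 };

/* Vulnerable pattern as the advisory describes it: only the upper bound is
 * checked, so a negative index is accepted. Returns true when the lookup
 * would be allowed; it deliberately does not touch the array. */
bool vulnerable_index_allowed(int index, int count)
{
    if (index > count - 1)   /* upper bound only */
        return false;
    return true;             /* negative index slips through here */
}

/* Hardened check: reject negative values as well as values past the end. */
bool hardened_index_allowed(int index, int count)
{
    if (index < 0 || index >= count)
        return false;
    return true;
}

/* Safe lookup built on the hardened check; returns -1 on rejection. */
int lookup_fd(int index)
{
    if (!hardened_index_allowed(index, MAX_FDS))
        return -1;
    return sample_fds[index];
}

int main(void)
{
    /* Probe in-range, boundary, past-the-end and negative indices. */
    int probes[] = { 0, 3, 4, -1 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int idx = probes[i];
        printf("index %3d: vulnerable check %s, hardened check %s, lookup -> %d\n",
               idx,
               vulnerable_index_allowed(idx, MAX_FDS) ? "allows " : "rejects",
               hardened_index_allowed(idx, MAX_FDS) ? "allows " : "rejects",
               lookup_fd(idx));
    }
    return 0;
}
```

The point the model makes is that an upper-bound comparison on a signed integer is not a range check: the index must be validated on both sides (or converted to an unsigned type and compared once against the count) before it is used to address the list.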
| CVE Identifier | Severity | CVSS v3.1 Base Score | Remediation |
| --- | --- | --- | --- |
| CVE-2025-8067 | Important | 8.5 | Install updated Udisks packages immediately |
This out-of-bounds read can result either in a crash of the daemon, causing a denial of service, or in the disclosure of sensitive memory contents belonging to privileged users, such as cryptographic keys or user credentials.
According to the advisory, successful exploitation requires no privileges or user interaction, and the attack complexity is considered low.
The vulnerability can be triggered locally by any user with access to the D-BUS interface, making it a significant local privilege escalation risk.
Red Hat’s preliminary CVSS v3.1 score for this issue is 8.5 out of 10, reflecting a high base severity due to the combination of low complexity, no required privileges, and high availability impact.
Affected distributions include Red Hat Enterprise Linux versions 6 through 10, encompassing multiple Udisks packages such as udisks2, libudisks2, udisks2-iscsi, udisks2-lsm, and udisks2-lvm2.
For RHEL 6, packages under the ‘udisks’ and ‘udisks-devel’ names are impacted, although no fixes are planned for those out-of-support versions. For RHEL 7, 8, 9, and 10, updated packages are available and should be installed immediately to mitigate the risk.
Red Hat offers no workaround for CVE-2025-8067 beyond installing the updated packages.
System administrators are urged to update their systems as soon as the patched Udisks packages are made available via the Red Hat Customer Portal or subscription repositories.
Continued operation of vulnerable Udisks daemons may expose systems to local attackers seeking to gain unauthorized access to sensitive files or crash critical storage management services.
Additional technical details and references can be found in the Red Hat Bugzilla entry (ID 2388623) and the NVD record for CVE-2025-8067.
Organizations should review their inventory of affected systems, prioritize patch deployment in multi-user environments, and monitor logs for anomalous D-BUS calls to Udisks.
Failure to address this flaw promptly may enable attackers to bypass protection mechanisms such as ASLR by leveraging leaked memory addresses, thereby facilitating more advanced exploits.