A critical security vulnerability has been discovered in the Linux UDisks daemon that could allow unprivileged attackers to gain access to files owned by privileged users.
The flaw, identified as CVE-2025-8067, was publicly disclosed on August 28, 2025, and carries an Important severity rating with a CVSS v3 score of 8.5.
Key Takeaways
1. CVE-2025-8067 in the Linux UDisks daemon allows privilege escalation.
2. Affects Red Hat Enterprise Linux 6-10, enabling local attackers to access privileged files easily.
3. No workarounds exist.
UDisks D-Bus Privilege Escalation Flaw
The vulnerability originates from improper input validation in the UDisks daemon’s loop device handler, which processes requests through the D-BUS interface.
The flaw occurs when the daemon handles two critical parameters: the file descriptor list and an index value that specifies the backing file for loop device creation.
While the daemon correctly validates the upper bound of the index parameter to prevent it from exceeding maximum allowed values, it fails to validate the lower bound.
This oversight allows attackers to supply negative index values, leading to an out-of-bounds read condition classified as CWE-125.
The vulnerability enables unprivileged users to create loop devices through the D-BUS system interface, potentially causing the UDisks daemon to crash or, more critically, facilitating local privilege escalation.
Attackers can exploit this flaw to access sensitive files owned by privileged users, bypassing normal permission controls.
Security researcher Michael Imfeld (born0monday) discovered and reported this vulnerability to Red Hat.
| Risk Factors | Details |
| Affected Products | Red Hat Enterprise Linux 10 (udisks2)Red Hat Enterprise Linux 9 (udisks2)Red Hat Enterprise Linux 8 (udisks2)Red Hat Enterprise Linux 7 (udisks2)Red Hat Enterprise Linux 6 (udisks – Out of support) |
| Impact | Local privilege escalation |
| Exploit Prerequisites | Local access to target systemAbility to send D-BUS requestsNo user interaction required |
| CVSS 3.1 Score | 8.5 (Important) |
Affected Systems
Red Hat’s Product Security team has classified this vulnerability as Important due to its low exploitation complexity and significant privilege escalation potential.
The vulnerability affects multiple Red Hat Enterprise Linux versions:
- Red Hat Enterprise Linux 10 (udisks2)
- Red Hat Enterprise Linux 9 (udisks2)
- Red Hat Enterprise Linux 8 (udisks2)
- Red Hat Enterprise Linux 7 (udisks2)
- Red Hat Enterprise Linux 6 (udisks – out of support scope)
The CVSS v3 vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H indicates a local attack vector with low complexity, requiring no privileges or user interaction.
The vulnerability has a Changed scope with Low confidentiality and integrity impact but High availability impact.
The technical impact includes potential memory disclosure of cryptographic keys, personally identifiable information, and memory addresses that could bypass Address Space Layout Randomization (ASLR) protections.
Currently, no mitigation is available other than installing updated packages once they become available.
Organizations using affected Linux distributions should prioritize applying security patches immediately upon release to prevent potential exploitation of this privilege escalation vulnerability.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Source link
