CVE Alert: CVE-2025-8067 – Red Hat – Red Hat Enterprise Linux 10
CVE-2025-8067
A flaw was found in the UDisks daemon, where it allows unprivileged users to create loop devices over the D-BUS system bus. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of its parameters, this handler receives the file descriptor list and an index specifying which file the loop device should be backed by. The function validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.
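The following is an added illustration, not UDisks code, of the missing lower-bound check the description refers to. It models a handler that receives a list of passed file descriptors and an index into that list (the fd values and the two handler functions are constructed for the example). The upper-bound-only check is shown beside the corrected check so the difference in behaviour is visible: in C a negative index is an out-of-bounds read, while in Python it silently wraps to the end of the list, which is why the example reports which descriptor was actually selected.

```python
"""Index validation on a passed-file-descriptor list: flawed vs. corrected.

Added example modelling the bug class described in the advisory; it is not
code from UDisks. The fd numbers and function names are constructed.
"""
from typing import Sequence


class InvalidIndexError(ValueError):
    """Raised when the caller-supplied index does not select a passed fd."""


def select_fd_upper_bound_only(fds: Sequence[int], index: int) -> int:
    # Flawed pattern: only the upper bound is checked, as the advisory
    # describes. A negative index passes this test. In C that is an
    # out-of-bounds read; in Python the list wraps, so a different (wrong)
    # descriptor is returned without any error.
    if index >= len(fds):
        raise InvalidIndexError(f"index {index} exceeds fd list of {len(fds)}")
    return fds[index]


def select_fd_checked(fds: Sequence[int], index: int) -> int:
    # Corrected pattern: reject anything outside [0, len(fds)). The explicit
    # int/bool check guards against values that merely compare like ints.
    if isinstance(index, bool) or not isinstance(index, int):
        raise InvalidIndexError(f"index must be an integer, got {type(index).__name__}")
    if not 0 <= index < len(fds):
        raise InvalidIndexError(f"index {index} outside 0..{len(fds) - 1}")
    return fds[index]


def compare(fds: Sequence[int], index: int) -> dict:
    """Run both variants on the same input and report what each did."""
    result = {}
    for name, fn in (("flawed", select_fd_upper_bound_only),
                     ("checked", select_fd_checked)):
        try:
            result[name] = ("selected", fn(fds, index))
        except InvalidIndexError as exc:
            result[name] = ("rejected", str(exc))
    return result


if __name__ == "__main__":
    passed_fds = [7, 8, 9]  # constructed: three descriptors passed over the bus
    for idx in (0, 2, 3, -1, -3):
        print(idx, compare(passed_fds, idx))
```

For index 3 both variants reject the request; for index -1 the flawed variant "succeeds" and returns the last descriptor, which is the silent misbehaviour a lower-bound check exists to prevent.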
AI Summary Analysis
Risk verdict
High local risk of privilege escalation if an attacker gains local access; no active exploitation reported, but patching promptly remains essential.
Why this matters
Unprivileged users can trigger the udisks2 loop device path via D-BUS, potentially reading or accessing files owned by privileged users. If exploited, this could lead to data exposure or broader system compromise, especially on systems where udisks2 is widely used for automounting.
Most likely attack path
An attacker with local access can invoke the D-BUS loop device handler, providing a negative index value to bypass bounds checks. With PR:N and UI:N, no user interaction is required beyond initial access, and a successful path can escalate privileges or expose restricted files. The scope change indicates potential reach beyond the immediate function, increasing the impact within the host.
Who is most exposed
Linux hosts running udisks2 with D-BUS enabled are at risk, including Red Hat Enterprise Linux desktops and servers (RHEL 7–10 in typical deployments), especially those with automated mounting or shared-workstation roles.
Detection ideas
- udisksd crashes or restarts; systemd/service interruptions.
- Unexpected creation of /dev/loop* devices by non-root processes.
- Anomalous D-BUS activity targeting org.freedesktop.UDisks2 with unusual index values.
- Access attempts to files owned by privileged users from unprivileged processes.
- Core dumps or stack traces from the udisksd process.
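As an added example of the first, second and fifth detection ideas in the list above, the script below scans journal-style log lines for udisksd crashes, core dumps and service restarts, and for loop device setup by a non-root caller. It is not part of the advisory and not tooling from Red Hat or the udisks project. The systemd and systemd-coredump message formats are real; the "requested by uid" suffix on the loop setup line is a constructed format, and every log line in SAMPLE_LOG is constructed for the example rather than captured from a host.

```python
"""Scan journal-style lines for udisksd crash and loop-setup indicators.

Added detection example; not code from the advisory or the udisks project.
SAMPLE_LOG is constructed. The loop-setup line format ("requested by uid N")
is an assumption; adjust LOOP_RE to the format your udisks build emits.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class Finding:
    rule: str
    line: str


# Constructed sample in `journalctl -o short` style (not real host output).
SAMPLE_LOG = """\
Aug 27 10:00:01 ws1 udisksd[812]: Acquired the name org.freedesktop.UDisks2 on the system message bus
Aug 27 10:03:14 ws1 udisksd[812]: Set up loop device /dev/loop0 (backed by /home/alice/disk.img) requested by uid 1000
Aug 27 10:03:15 ws1 udisksd[812]: Set up loop device /dev/loop1 (backed by /var/lib/images/base.img) requested by uid 0
Aug 27 10:05:40 ws1 systemd[1]: udisks2.service: Main process exited, code=dumped, status=11/SEGV
Aug 27 10:05:40 ws1 systemd-coredump[2201]: Process 812 (udisksd) of user 0 dumped core.
Aug 27 10:05:41 ws1 systemd[1]: udisks2.service: Scheduled restart job, restart counter is at 1.
Aug 27 10:06:02 ws1 sshd[2300]: Accepted publickey for bob from 10.0.0.5 port 51234 ssh2
"""

# Main process of udisks2.service ended by a signal or dumped core.
CRASH_RE = re.compile(r"udisks2\.service: Main process exited, code=(dumped|killed)")
# systemd-coredump recorded a core for the udisksd binary.
COREDUMP_RE = re.compile(r"Process \d+ \(udisksd\) of user \d+ dumped core")
# systemd restarted the unit after a failure.
RESTART_RE = re.compile(r"udisks2\.service: Scheduled restart job, restart counter is at (\d+)")
# Assumed loop-setup line format carrying the requesting uid (constructed).
LOOP_RE = re.compile(
    r"Set up loop device (/dev/loop\d+) \(backed by (\S+)\) requested by uid (\d+)"
)


def scan(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per matching line; unrelated lines are ignored."""
    findings: List[Finding] = []
    for line in lines:
        line = line.rstrip("\n")
        if CRASH_RE.search(line) or COREDUMP_RE.search(line):
            findings.append(Finding("udisksd-crash", line))
            continue
        if RESTART_RE.search(line):
            findings.append(Finding("udisksd-restart", line))
            continue
        m = LOOP_RE.search(line)
        if m and m.group(3) != "0":
            # Loop device backed by a file, set up on behalf of a non-root uid.
            findings.append(Finding("loop-by-unprivileged", line))
    return findings


def rules_fired(lines: Iterable[str]) -> List[str]:
    """Rule names in the order they fired; handy for tests and summaries."""
    return [f.rule for f in scan(lines)]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"[{f.rule}] {f.line}")
```

On a live host the same scanner can be fed from `journalctl -u udisks2.service -o short --no-pager`; a crash immediately preceded by a loop setup from an unprivileged uid is the sequence worth escalating.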
Mitigation and prioritisation
- Apply the patched udisks2 package as soon as it is available; verify the installed version via your package manager and restart udisksd if needed.
- If patching is delayed, tighten D-BUS access controls or disable loop device handling where feasible; enforce SELinux/AppArmor confinement.
- Monitor for loop device creation, udisksd crashes, and unusual file access by non-privileged users; alert on anomalies.
- Plan test and rollout in a controlled window; validate service stability post-patch.
- If KEV is true or EPSS ≥ 0.5, treat as priority 1; otherwise proceed with standard prioritisation based on your SBOM and exposure.