CVE-2025-8067: Linux Privilege Escalation Flaw Found in UDisks Daemon, PoC Releases



Ddos
September 1, 2025
Tags: UDisks daemon, Linux vulnerability

A security researcher has disclosed a serious flaw in the UDisks daemon, a widely used component for managing disks and storage devices in Linux environments. The issue, now tracked as CVE-2025-8067 with a CVSS score of 8.5, was reported to the Red Hat Product Security team and has since been patched in updated versions of UDisks.

The flaw lies in how the UDisks daemon handles loop device creation requests that arrive over the D-Bus system bus. Such a request carries a list of file descriptors, and the caller supplies an index (fd_index) that selects which of them should back the new loop device. As the report describes, “A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system… it fails to validate the lower bound, allowing the index parameter to be a negative value.”

Because the unchecked index is handed straight to the GLib function g_unix_fd_list_get(), this missing validation leads to an out-of-bounds read (OOB read). The report notes, “Although there is a check in place to ensure that fd_index does not exceed the bounds of the fd_list array, there is no validation for the lower bound. As a result, passing a negative value for fd_index leads to an out-of-bounds (OOB) read vulnerability.”

Successful exploitation can have two major consequences. First, the out-of-bounds read can crash the daemon, causing a denial of service (DoS). More critically, if the negative index happens to land on a descriptor that is already open in the daemon process, that descriptor is used as though the caller had supplied it. The report explains, “an attacker can use this to map an internal file descriptor from the daemon process onto a loop device… if it corresponds to a valid open descriptor in the daemon process, it can be successfully mapped to a loop device.”

This behavior opens the door to local privilege escalation (LPE), as attackers may trick the daemon into exposing privileged files as loop devices. The researcher warns, “An attacker could potentially coerce the daemon process into opening an arbitrary file, creating a file descriptor that could then be inadvertently exposed and reused in this way.”
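To make the check described above concrete, the following is an added example, not UDisks or GLib source: the flat table, the fd values and the function names are constructed for illustration only. It places an index lookup that tests only the upper bound beside the corrected two-sided test. A negative fd_index slips past the first version and hands back a descriptor that was never in the caller's list, which is the behaviour the advisory describes being used to map a daemon-private descriptor onto a loop device.

```c
#include <stdio.h>

/* Added illustration, not UDisks or GLib code. One flat table stands in
 * for the daemon's memory: slots [0, NPRIV) model descriptors the daemon
 * holds open privately, slots [NPRIV, NPRIV + NPASSED) model the fd_list
 * that arrived with the loop-setup request over D-Bus. All values are
 * constructed sample fd numbers. */
#define NPRIV   3
#define NPASSED 2

static const int fd_table[NPRIV + NPASSED] = {
    7, 8, 9,      /* daemon-private descriptors (constructed) */
    40, 41        /* the two fds the unprivileged caller passed (constructed) */
};

/* Returns 1 if a descriptor value belongs to the daemon's private slots,
 * i.e. was never part of the caller-supplied list. */
int is_daemon_private(int fd)
{
    for (int i = 0; i < NPRIV; i++)
        if (fd_table[i] == fd)
            return 1;
    return 0;
}

/* Vulnerable pattern described in the advisory: only the upper bound of
 * fd_index is checked, so a negative index passes and the read lands
 * before the start of the passed list. This model only reproduces the
 * case where the read stays inside fd_table (fd_index >= -NPRIV); in the
 * real daemon it can land on any memory below the array. */
int fd_lookup_vulnerable(int fd_index)
{
    if (fd_index >= NPASSED)
        return -1;                       /* rejected: index too large */
    return fd_table[NPRIV + fd_index];   /* -1 reads the last private slot */
}

/* Hardened form: reject both bounds before indexing. */
int fd_lookup_fixed(int fd_index)
{
    if (fd_index < 0 || fd_index >= NPASSED)
        return -1;                       /* rejected: negative or too large */
    return fd_table[NPRIV + fd_index];
}

int main(void)
{
    int probes[] = { 0, 1, 2, -1, -3 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int idx = probes[i];
        int v = fd_lookup_vulnerable(idx);
        int f = fd_lookup_fixed(idx);
        printf("fd_index=%3d  vulnerable=%3d%s  fixed=%3d\n",
               idx, v,
               (v != -1 && is_daemon_private(v)) ? " (daemon-private fd!)" : "",
               f);
    }
    return 0;
}
```

Compile with `cc -Wall -o fdcheck fdcheck.c && ./fdcheck`. In the model the negative read stays inside the table, so the vulnerable lookup always returns one of the "private" values; in the real daemon the same read may hit unmapped memory (the DoS case) or a live descriptor (the privilege-escalation case), which is why the fix has to reject negative indices before g_unix_fd_list_get() is ever called.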

Proof-of-concept (PoC) code has already been published, demonstrating how the flaw can be exploited to crash the UDisks daemon.

The vulnerability has been patched in the following UDisks versions:

Users and administrators are strongly urged to update to the fixed versions to prevent exploitation.
