Linux UDisks Daemon Vulnerability Allows Attackers Access to Privileged User Files

A critical security vulnerability has been identified in the Linux UDisks daemon, permitting unprivileged attackers to access files owned by privileged users.
The vulnerability, tracked as CVE-2025-8067, was publicly disclosed on Thu, Aug 28, 2025. Red Hat rates it Important, with a CVSS v3 base score of 8.5.
Key Takeaways
- CVE-2025-8067 allows privilege escalation in the Linux UDisks daemon.
- Affects Red Hat Enterprise Linux versions 6 through 10, allowing local attackers to access privileged files.
- No workarounds are currently available.
UDisks D-Bus Privilege Escalation Flaw
The vulnerability stems from improper input validation in the UDisks daemon’s loop device handler, which processes requests arriving over the D-Bus interface.
The flaw lies in how the daemon handles two parameters of a loop device creation request: the list of file descriptors passed with the call and an index value selecting which descriptor is the backing file. The daemon correctly checks that the index does not exceed the upper bound of the list, but never checks the lower bound. A negative index is therefore accepted and used to read memory before the start of the list, an out-of-bounds read classified as CWE-125.
An unprivileged local user can trigger this flaw by requesting loop device creation through the D-Bus system interface, potentially crashing the UDisks daemon or enabling local privilege escalation. An attacker could thereby read sensitive files owned by privileged users, bypassing normal permission controls.
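The one-sided bounds check described above, reduced to its essentials as an added illustration (hypothetical model code written for this article, not udisks source). The D-Bus file descriptor list is modelled as a slice of a larger constructed int array so that a negative index deterministically reads the neighbouring memory rather than invoking undefined behaviour; the defective check sits beside the corrected one.

```c
#include <stdio.h>

/* Constructed "process memory": two words of unrelated data immediately
 * followed by a three-entry file descriptor list (values are made up). */
static const int memory[] = { 0x5EC7, 0xD47A, 10, 11, 12 };
static const int *const fd_list = &memory[2];   /* the fd list starts here */
#define N_FDS 3

/* Defective shape (CWE-125): only the upper bound is validated, so a
 * negative index passes the check and reads before the start of the list. */
int pick_fd_upper_bound_only(const int *fds, int n_fds, int index)
{
    if (index >= n_fds)
        return -1;              /* rejected: index too large */
    return fds[index];          /* index < 0 is never rejected */
}

/* Corrected shape: validate both bounds before touching the array. */
int pick_fd_both_bounds(const int *fds, int n_fds, int index)
{
    if (index < 0 || index >= n_fds)
        return -1;              /* rejected: out of range in either direction */
    return fds[index];
}

int main(void)
{
    /* Index -1 lands on the word just before the fd list in the defective
     * version, but is cleanly rejected once the lower bound is checked. */
    printf("defective, index -1: 0x%X\n",
           pick_fd_upper_bound_only(fd_list, N_FDS, -1));   /* 0xD47A */
    printf("corrected, index -1: %d\n",
           pick_fd_both_bounds(fd_list, N_FDS, -1));        /* -1 */
    return 0;
}
```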
Security researcher Michael Imfeld (known as born0monday) discovered and reported this vulnerability to Red Hat.
Affected Systems
Red Hat’s Product Security team has rated this vulnerability Important because of its low exploitation complexity and its potential for privilege escalation. The following Red Hat Enterprise Linux versions are affected:
- Red Hat Enterprise Linux 10 (udisks2)
- Red Hat Enterprise Linux 9 (udisks2)
- Red Hat Enterprise Linux 8 (udisks2)
- Red Hat Enterprise Linux 7 (udisks2)
- Red Hat Enterprise Linux 6 (udisks – out of support scope)
The CVSS v3 vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H describes a local attack vector with low complexity that requires neither privileges nor user interaction.
The scope is Changed, the confidentiality and integrity impacts are Low, and the availability impact is High. The technical impact includes potential disclosure of memory contents such as cryptographic keys, personally identifiable information, and memory addresses that could be used to bypass Address Space Layout Randomization (ASLR).
No mitigation is currently available other than installing updated packages once they are released. Organizations running affected distributions should apply the security patches as soon as they become available to prevent exploitation of this privilege escalation vulnerability.