udisks2-2.9.0-16.el8_10.1

エラータID: AXSA:2025-10830:02

Release date: 
Thursday, September 4, 2025 - 14:13
Subject: 
udisks2-2.9.0-16.el8_10.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies.

Security Fix(es):

* udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-8067
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.

Solution: 

Update packages.

CVEs: 
CVE-2025-8067
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.
Additional Info: 

N/A

Download: 

SRPMS
  1. udisks2-2.9.0-16.el8_10.1.src.rpm
    MD5: 1167452226b19e80327af1b1d3f437f8
    SHA-256: 4f65a0a502eed4e20a2dfbd7e9611e0728596190c66f8a028e2e5e0190da5fdd
    Size: 1.64 MB

Asianux Server 8 for x86_64
  1. libudisks2-2.9.0-16.el8_10.1.i686.rpm
    MD5: e90ec69ada68f77749740a634fc4b8ec
    SHA-256: 8fff1ec3cb32f38eba3c1b8fc3ac2b811b6baaadaa8363bafbfc6fa9eeeebd24
    Size: 186.68 kB
  2. libudisks2-2.9.0-16.el8_10.1.x86_64.rpm
    MD5: ce2da8fb31480b9c8aaeaadb0187abdb
    SHA-256: 320e123cd73f91e3f3b47afc22b39330454afc1caefbd8277e83832703b7d38d
    Size: 184.32 kB
  3. libudisks2-devel-2.9.0-16.el8_10.1.i686.rpm
    MD5: 02bd5e9ccef752d421419f9bf9682d24
    SHA-256: bf87ee5d0ddb994512d1f43f6498a260ae326165f6a1e17b27c97c42fc6f6f56
    Size: 412.23 kB
  4. libudisks2-devel-2.9.0-16.el8_10.1.x86_64.rpm
    MD5: d7cd2bf1188e79886eca2d09a61e6e76
    SHA-256: 5bf04950cb17e290c2a1bdd3f46b29d475ec5b29b903d899d654dafd1c72e1e0
    Size: 412.22 kB
  5. udisks2-2.9.0-16.el8_10.1.x86_64.rpm
    MD5: 3a31315414d4cfcd12f5e40049490c45
    SHA-256: 20302a868dff82d4e4b56e7d6ae3d2aa3627a06bcb8c08731a897eb2b75618cc
    Size: 473.77 kB
  6. udisks2-iscsi-2.9.0-16.el8_10.1.x86_64.rpm
    MD5: 0e340593fe96ed5ea51e9f69b4f2d7ff
    SHA-256: 378cbbde68a104a20e32f69f81287119497b4fedc53e2c50d13c26de4f243a37
    Size: 30.66 kB
  7. udisks2-lsm-2.9.0-16.el8_10.1.x86_64.rpm
    MD5: bcbaecf6ab40302a7da9d75d3aaa7c8e
    SHA-256: 3d78a193e8395416b2e6196a5556931dcfa656deae264202193b8106a87ed195
    Size: 32.50 kB
  8. udisks2-lvm2-2.9.0-16.el8_10.1.x86_64.rpm
    MD5: 2bda8d0a8bfe73281c7d43166a53cde4
    SHA-256: cd6e4b50e6ad14588e866444a2eeb69f8c950839d001ad10ffd1a3b1cec4a2a7
    Size: 45.78 kB