CVE-2025-8067 - Vulnerability Details

A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Eus Long Life Rhel Tus

No data.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:15017
https://access.redhat.com/errata/RHSA-2025:15018
https://access.redhat.com/errata/RHSA-2025:15020
https://access.redhat.com/errata/RHSA-2025:15956
https://access.redhat.com/errata/RHSA-2025:16021
https://access.redhat.com/errata/RHSA-2025:16090
https://access.redhat.com/errata/RHSA-2025:16106
https://access.redhat.com/errata/RHSA-2025:16121
https://access.redhat.com/errata/RHSA-2025:16122
https://access.redhat.com/errata/RHSA-2025:16125
https://access.redhat.com/errata/RHSA-2025:16130
https://access.redhat.com/security/cve/CVE-2025-8067
https://bugzilla.redhat.com/show_bug.cgi?id=2388623
https://nvd.nist.gov/vuln/detail/CVE-2025-8067
https://www.cve.org/CVERecord?id=CVE-2025-8067

History

Thu, 18 Sep 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els
References		https://access.redhat.com/errata/RHSA-2025:16130

Thu, 18 Sep 2025 03:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream
References		https://access.redhat.com/errata/RHSA-2025:16125

Wed, 17 Sep 2025 19:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.2::appstream
References		https://access.redhat.com/errata/RHSA-2025:16122

Wed, 17 Sep 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Eus Long Life
CPEs		cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Vendors & Products		Redhat rhel Aus Redhat rhel Eus Long Life
References		https://access.redhat.com/errata/RHSA-2025:16121

Wed, 17 Sep 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Vendors & Products		Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:16106

Wed, 17 Sep 2025 15:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream
References		https://access.redhat.com/errata/RHSA-2025:16090

Tue, 16 Sep 2025 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s
CPEs		cpe:/a:redhat:rhel_e4s:9.2::appstream
Vendors & Products		Redhat rhel E4s
References		https://access.redhat.com/errata/RHSA-2025:16021

Tue, 16 Sep 2025 13:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:15956

Tue, 02 Sep 2025 09:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9	cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:10.0
References		https://access.redhat.com/errata/RHSA-2025:15017 https://access.redhat.com/errata/RHSA-2025:15018 https://access.redhat.com/errata/RHSA-2025:15020

Fri, 29 Aug 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-8067 https://www.cve.org/CVERecord?id=CVE-2025-8067
Metrics	threat_severity `None`	threat_severity `Important`

Thu, 28 Aug 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 28 Aug 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.
Title		Udisks: out-of-bounds read in udisks daemon
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-125
CPEs		cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2025-8067 https://bugzilla.redhat.com/show_bug.cgi?id=2388623
Metrics		cvssV3_1 `{'score': 8.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-08-28T14:47:08.578Z

Updated: 2025-09-18T14:24:51.838Z

Reserved: 2025-07-22T22:54:45.533Z

Link: CVE-2025-8067

Vulnrichment

Updated: 2025-08-28T16:20:52.433Z

NVD

Status : Awaiting Analysis

Published: 2025-08-28T15:16:03.600

Modified: 2025-09-18T15:15:39.607

Link: CVE-2025-8067

Redhat

Severity : Important

Publid Date: 2025-08-28T14:42:00Z

Links: CVE-2025-8067 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object