Born0Monday

**Name of the Vulnerable Software and Affected Versions** Udisks versions prior to the fix included in SlackwareLinux security advisory. **Description** A flaw exists in the Udisks daemon that allows unprivileged users to create loop devices via the D-BUS system. This is due to insufficient validation of the `index` parameter within the loop device handler, specifically a missing lower bound check. An attacker can exploit this by providing a negative value for the `index` parameter, potentially causing a crash of the daemon process or gaining access to internal file descriptors, which could lead to local privilege escalation. **Recommendations** Apply the security fix included in the latest SlackwareLinux security advisory for udisks2.