PT-2025-35093 · Unknown+8 · Udisks Daemon+8

Born0Monday +1 · Published 2025-08-27 · Updated 2026-01-30 · CVE-2025-8067

CVSS v3.1: 8.5 High (AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H)

Name of the Vulnerable Software and Affected Versions

Udisks versions prior to the fix included in the Slackware Linux security advisory.

Description

A flaw in the Udisks daemon allows unprivileged users to create loop devices via the D-Bus system. The cause is insufficient validation of the index parameter within the loop device handler, specifically a missing lower bound check. An attacker can exploit this by providing a negative value for the index parameter, potentially crashing the daemon process or gaining access to internal file descriptors, which could lead to local privilege escalation.

Recommendations

Apply the security fix included in the latest Slackware Linux security advisory for udisks2.
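
The missing lower bound check described above, sketched as an added C example (it is not udisks source code and not part of the original advisory). The names `struct fd_list`, `index_ok_upper_only`, `index_ok` and `loop_setup_get_fd` are hypothetical, and the descriptor values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <limits.h>

/* Constructed stand-in for the descriptor list that accompanies a request. */
struct fd_list {
    const int *fds;
    int n_fds;
};

/* Flawed pattern: only the upper bound of the signed index is tested,
 * so every negative value is accepted. */
static bool index_ok_upper_only(const struct fd_list *l, int index)
{
    return index < l->n_fds;
}

/* Corrected pattern: both bounds are tested before the index is used. */
static bool index_ok(const struct fd_list *l, int index)
{
    return index >= 0 && index < l->n_fds;
}

/* Hypothetical handler helper: returns 0 and stores the descriptor,
 * or -1 when the caller-supplied index must be rejected. */
static int loop_setup_get_fd(const struct fd_list *l, int index, int *out_fd)
{
    if (l == NULL || l->fds == NULL || out_fd == NULL)
        return -1;
    if (!index_ok(l, index))
        return -1;
    *out_fd = l->fds[index];
    return 0;
}

int main(void)
{
    const int fds[] = { 7, 8, 9 };            /* constructed values */
    const struct fd_list l = { fds, 3 };
    const int probes[] = { 0, 2, 3, -1, INT_MIN };

    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("index %d: upper-only=%d both-bounds=%d\n", probes[i],
               index_ok_upper_only(&l, probes[i]), index_ok(&l, probes[i]));
    return 0;
}
```

Only the validators are called with out-of-range values here; the array is never read until both bounds have been checked.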

Fix

DoS

LPE

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2025:15017
ALSA-2025:15018
ALSA-2025:15020
AZL-73051
BDU:2025-11284
CESA-2025_15017
CVE-2025-8067
DLA-4284-1
DSA-5989-1
INFSA-2025_15017
INFSA-2025_15018
MGASA-2025-0231
OESA-2025-2277
OPENSUSE-SU-2025:15511-1
OPENSUSE-SU-2026:20141-1
RHSA-2025:15017
RHSA-2025:15018
RHSA-2025:15020
RHSA-2025:15956
RHSA-2025:16021
RHSA-2025:16090
RHSA-2025:16106
RHSA-2025:16121
RHSA-2025:16122
RHSA-2025:16125
RHSA-2025:16130
RHSA-2025_15017
RHSA-2025_15018
SUSE-SU-2025:03015-1
SUSE-SU-2025:03016-1
SUSE-SU-2025:03017-1
SUSE-SU-2025:20718-1
SUSE-SU-2025:20801-1
SUSE-SU-2025_03015-1
SUSE-SU-2025_03016-1
SUSE-SU-2025_03017-1
SUSE-SU-2026:20206-1
SUSE-SU-2026:20213-1
USN-7723-1

Affected Products

AlmaLinux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
Udisks Daemon