Warning: Local Privilege Escalation in Udisks daemon, Patch Immediately!

Published: 02/09/2025
  • Last update: 02/09/2025
  • Affected software:
    → Udisks daemon <=2.10.90, <=2.10.1
  • Type: Local Privilege Escalation
  • CVE/CVSS
    → CVE-2025-8067: CVSS 8.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H)

Sources

https://access.redhat.com/errata/RHSA-2025:15017
https://www.openwall.com/lists/oss-security/2025/08/28/1
https://ubuntu.com/security/CVE-2025-8067
https://github.com/storaged-project/udisks/security/advisories/GHSA-742q-gggc-473g

Risks

A newly discovered vulnerability in the UDisks daemon, caused by improper validation in its loop device handling, allows an unprivileged local user to crash the daemon or escalate privileges.

UDisks is a system service that provides interfaces for managing storage devices. It is widely used across Linux distributions to handle disks, partitions, and device mounting via D-Bus.

If exploited, this could lead to data breaches, system compromise, and operational downtime, impacting the confidentiality, integrity, and availability of critical business systems.

Description

A critical security vulnerability, CVE-2025-8067, has been identified in the UDisks daemon, a core system service widely used in Linux environments. The flaw arises from improper validation of the loop device handler's index parameter, which is reachable via the D-Bus interface. While the function ensures the index does not exceed the maximum value, it fails to validate the lower bound, so negative values are accepted.
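
The bug class described above, as an added illustration that is not udisks code: a signed index checked only against an upper bound, beside the bounded check that also rejects negative values. The table and its contents are constructed sample data.

```c
/* Added illustration of a one-sided bounds check (not udisks code). */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define TABLE_SIZE 8

/* Constructed stand-in for a per-slot table indexed by caller input. */
static const char *slot_table[TABLE_SIZE] = {
    "slot0", "slot1", "slot2", "slot3", "slot4", "slot5", "slot6", "slot7"
};

/* Weak check: only the upper bound is tested, so -1, -2, ... pass and
 * would index memory before the start of the table. */
bool index_ok_upper_only(int index)
{
    return index < TABLE_SIZE;
}

/* Fixed check: accept only the range [0, TABLE_SIZE). */
bool index_ok_bounded(int index)
{
    return index >= 0 && index < TABLE_SIZE;
}

/* Equivalent single comparison: a negative int converts to a huge
 * size_t, so one unsigned comparison covers both bounds. */
bool index_ok_unsigned(int index)
{
    return (size_t)index < TABLE_SIZE;
}

/* Safe lookup: NULL for any out-of-range index, never an unchecked deref. */
const char *slot_lookup(int index)
{
    return index_ok_bounded(index) ? slot_table[index] : NULL;
}

int main(void)
{
    const int probes[] = { 0, 7, 8, -1, -2147483647 - 1 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        const char *hit = slot_lookup(probes[i]);
        printf("%11d: upper-only=%d bounded=%d unsigned=%d -> %s\n",
               probes[i], index_ok_upper_only(probes[i]),
               index_ok_bounded(probes[i]), index_ok_unsigned(probes[i]),
               hit ? hit : "(rejected)");
    }
    return 0;
}
```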

In affected versions, an unprivileged local attacker could exploit this vulnerability to crash the UDisks daemon or escalate privileges by gaining unauthorized access to files owned by privileged users.

The vulnerability affects popular Linux distributions including Ubuntu, Fedora, Debian, SUSE Linux, and Red Hat, with other distros that rely on UDisks potentially also at risk. Organizations are strongly advised to apply available patches or mitigations immediately to reduce exposure.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
