Udisks Daemon Out-of-Bounds Read Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability exists in the Udisks daemon that permits unprivileged users to create loop devices through the D-BUS system. This issue arises because the loop device handler, which processes D-BUS requests, fails to properly validate the lower bound of an index parameter, allowing negative values. Exploitation of this flaw can lead to a crash of the Udisks daemon or facilitate local privilege escalation by accessing files owned by privileged users.

Impact

Exploitation of this vulnerability can cause a segmentation fault, crashing the Udisks daemon. Additionally, it can be exploited for local privilege escalation, allowing access to files owned by privileged users.

Added: Aug 28, 2025, 3:17 PM

Updated: Aug 28, 2025, 3:17 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

5.6

exploitability

4.7

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

5.6

exploitability

4.7

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Udisks Daemon Out-of-Bounds Read Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Affected Products

UDisks

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating