udisks
cpe:2.3:a:udisks_project:udisks:*:*:*:*:*:*:*
The udisks storage management daemon exposes a privileged D-Bus method for restoring LUKS encryption headers without adequate authorization checks. Because the daemon runs as root, a local unprivileged user can direct it to overwrite the encryption metadata on a block device, permanently destroying the key material and rendering the encrypted volume inaccessible. Successful exploitation results in irreversible data loss, i.e. a denial-of-service condition.
A local unprivileged user who exploits this vulnerability can overwrite the LUKS encryption headers on block devices, permanently destroying access to the encrypted data and causing a denial-of-service condition through irreversible data loss.
To reproduce this vulnerability, a local unprivileged user can invoke the 'org.freedesktop.UDisks2.Block.RestoreEncryptedHeader' D-Bus method. This action will trigger the udisks daemon to restore LUKS headers on the specified block device, overwriting the existing encryption metadata. The absence of proper authorization checks allows this operation to be performed without authentication or user interaction, leading to the permanent loss of access to the encrypted data.
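Because the daemon performs no authorization check of its own, a defender's only near-term control is visibility: watching the system bus for calls to the affected method and correlating them with the daemon's reply. The detector below is an added example, not part of this advisory or of udisks; it parses lines in the format printed by `dbus-monitor --system` (the sample output is constructed, and the bus names, serials and timestamps in it are made up) and reports every RestoreEncryptedHeader call together with the target device and whether the daemon completed it.

```python
import re
from dataclasses import dataclass

# Line shapes printed by `dbus-monitor --system` for a method call and for its reply.
CALL_RE = re.compile(
    r"^method call .*?sender=(?P<sender>\S+) -> destination=(?P<dest>\S+) "
    r"serial=(?P<serial>\d+) path=(?P<path>\S+); interface=(?P<iface>\S+); member=(?P<member>\S+)$"
)
REPLY_RE = re.compile(
    r"^(?P<kind>method return|error) .*?destination=(?P<dest>\S+) .*reply_serial=(?P<reply_serial>\d+)$"
)

# The udisks interface and method named in the advisory.
WATCHED_IFACE = "org.freedesktop.UDisks2.Block"
WATCHED_MEMBER = "RestoreEncryptedHeader"

@dataclass
class HeaderRestoreEvent:
    sender: str              # caller's unique bus name; map it to a PID/UID with `busctl status <name>`
    device_path: str         # udisks object path of the block device whose header would be overwritten
    outcome: str = "pending"  # "completed" (daemon returned normally), "failed" (D-Bus error) or "pending"

def find_header_restores(lines):
    """Return one event per RestoreEncryptedHeader call found in dbus-monitor output."""
    pending = {}   # (caller bus name, call serial) -> event still waiting for its reply
    events = []
    for raw in lines:
        line = raw.strip()
        call = CALL_RE.match(line)
        if call:
            if call["iface"] == WATCHED_IFACE and call["member"] == WATCHED_MEMBER:
                ev = HeaderRestoreEvent(sender=call["sender"], device_path=call["path"])
                events.append(ev)
                pending[(call["sender"], call["serial"])] = ev
            continue
        reply = REPLY_RE.match(line)
        if reply:
            # Replies are matched by the caller's bus name plus the serial they answer.
            ev = pending.pop((reply["dest"], reply["reply_serial"]), None)
            if ev is not None:
                ev.outcome = "completed" if reply["kind"] == "method return" else "failed"
    return events

# Constructed sample of dbus-monitor output: one unrelated call, one restore that the
# daemon completed, and one restore that the daemon rejected with an error.
SAMPLE_MONITOR_OUTPUT = """\
method call time=1700000000.100000 sender=:1.54 -> destination=org.freedesktop.UDisks2 serial=12 path=/org/freedesktop/UDisks2/block_devices/sda1; interface=org.freedesktop.UDisks2.Block; member=Rescan
method call time=1700000000.200000 sender=:1.54 -> destination=org.freedesktop.UDisks2 serial=13 path=/org/freedesktop/UDisks2/block_devices/sda2; interface=org.freedesktop.UDisks2.Block; member=RestoreEncryptedHeader
method return time=1700000000.300000 sender=:1.7 -> destination=:1.54 serial=40 reply_serial=13
method call time=1700000000.400000 sender=:1.60 -> destination=org.freedesktop.UDisks2 serial=5 path=/org/freedesktop/UDisks2/block_devices/sdb1; interface=org.freedesktop.UDisks2.Block; member=RestoreEncryptedHeader
error time=1700000000.500000 sender=:1.7 -> destination=:1.60 error_name=org.freedesktop.UDisks2.Error.Failed reply_serial=5
"""

if __name__ == "__main__":
    for ev in find_header_restores(SAMPLE_MONITOR_OUTPUT.splitlines()):
        print(f"{ev.outcome:9} sender={ev.sender} device={ev.device_path}")
```

A "completed" event on a LUKS device is the signal to treat as an incident: the header on that device has already been replaced, so the response is restoring from a known-good header backup, not blocking the caller.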