
=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN557
_____________________________________________________________________

DATE                : 29/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running udisks2 versions prior to
                               2.10.91, 2.10.2.

=====================================================================
https://github.com/storaged-project/udisks/security/advisories/GHSA-742q-gggc-473g
_____________________________________________________________________

Out-Of-Bounds Read in UDisks Daemon
High
tbzatek published GHSA-742q-gggc-473g Aug 28, 2025

Package
udisks2

Affected versions
<=2.10.90
<=2.10.1

Patched versions
2.10.91
2.10.2


Description

The UDisks daemon contains an out-of-bounds (OOB) read vulnerability
that can be triggered by an unprivileged user via system bus.
Successful exploitation leads to a crash of the daemon process, or
mapping of an internal file descriptor from the daemon process
onto a loop device, likely resulting in local privilege escalation.


Severity
High (8.4 / 10)

CVSS v3 base metrics
Attack vector       : Local
Attack complexity   : Low
Privileges required : None
User interaction    : None
Scope               : Changed
Confidentiality     : Low
Integrity           : Low
Availability        : High
Vector              : CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

CVE ID
CVE-2025-8067

Weaknesses
CWE-125

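The following shell function is an added example, not part of the advisory or of the udisks project: it classifies an upstream udisks2 version string against the affected and patched versions listed above. The function name and sample versions are constructed; it assumes that 2.10.90 and 2.10.91 belong to a separate pre-release series, so stable releases from 2.10.2 upward count as patched.

```shell
# Added example: compare a udisks2 version with the versions in
# GHSA-742q-gggc-473g (affected <=2.10.90 and <=2.10.1; patched 2.10.91, 2.10.2).
# Assumption: 2.10.9x is a pre-release series distinct from stable 2.10.x.
# Distribution packages may backport the fix without changing the upstream
# version number, so "affected" means "check the vendor changelog".
udisks2_advisory_status() {
    v=${1#*:}             # drop a packaging epoch such as "1:"
    v=${v%%[!0-9.]*}      # drop packaging suffixes such as "-1build2" or "+dfsg"
    IFS=. read -r major minor patch _rest <<EOF
$v
EOF
    if [ -z "$major" ] || [ -z "$minor" ]; then
        echo unknown
        return 0
    fi
    patch=${patch:-0}

    # Anything older than the 2.10 series predates both patched releases.
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 10 ]; }; then
        echo affected
        return 0
    fi

    if [ "$major" -eq 2 ] && [ "$minor" -eq 10 ]; then
        # Stable branch: fixed in 2.10.2. Pre-release branch: fixed in 2.10.91.
        if [ "$patch" -le 1 ] || [ "$patch" -eq 90 ]; then
            echo affected
            return 0
        fi
    fi

    echo patched
}

# Typical use on a host (pick the query matching the package manager):
#   udisks2_advisory_status "$(dpkg-query -W -f='${Version}' udisks2)"
#   udisks2_advisory_status "$(rpm -q --qf '%{VERSION}' udisks2)"
```
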

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
