A new out-of-bounds read vulnerability in the Linux UDisks daemon, identified as CVE-2025-8067, allows unprivileged users to access sensitive data and potentially escalate privileges. Red Hat recommends immediate patching to mitigate this serious security risk.
Key points
- The vulnerability affects multiple Red Hat Enterprise Linux distributions, including RHEL 7 to 10.
- The flaw resides in how UDisks handles negative indices for creating loop devices, leading to out-of-bounds memory access.
- The issue can cause system crashes or expose sensitive memory contents like cryptographic keys and credentials.
- There are currently no workarounds; immediate updates are required to fix the problem.
- The vulnerability has a high impact on system availability and potential risk of privilege escalation.
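
The flaw in the key points, a negative index reaching an array lookup, comes down to a missing lower-bound check. The C example below is added here as a simplified model and is not UDisks source code: `struct fd_list`, `weak_check_accepts`, `fd_list_get_checked`, `count_gap` and the sample values are hypothetical, and it assumes the flawed pattern validates only the upper bound.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a list of file descriptors a client passed
 * along with a request. Hypothetical, not the UDisks data structure. */
struct fd_list {
    const int *fds;
    int        count;
};

/* Models an upper-bound-only check: returns 1 if the index would be
 * accepted. It never dereferences the array, so any value is safe. */
int weak_check_accepts(const struct fd_list *l, int index)
{
    return !(index >= l->count);   /* negative values slip through */
}

/* Hardened lookup: rejects negative and too-large indices before the
 * array is touched. Returns 0 and stores the fd, or -1 on rejection. */
int fd_list_get_checked(const struct fd_list *l, int index, int *out_fd)
{
    if (l == NULL || out_fd == NULL || l->fds == NULL)
        return -1;
    if (index < 0 || index >= l->count)
        return -1;
    *out_fd = l->fds[index];
    return 0;
}

/* Counts indices in [lo, hi] that the weak check accepts but the
 * hardened lookup refuses: the out-of-bounds window. */
int count_gap(const struct fd_list *l, int lo, int hi)
{
    int gap = 0, fd;
    for (int i = lo; i <= hi; i++)
        if (weak_check_accepts(l, i) && fd_list_get_checked(l, i, &fd) != 0)
            gap++;
    return gap;
}

int main(void)
{
    static const int sample[] = { 7, 8, 9 };   /* constructed fd values */
    struct fd_list l = { sample, 3 };
    printf("indices in -5..5 rejected only by the hardened check: %d\n",
           count_gap(&l, -5, 5));
    return 0;
}
```
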
Read More: https://thecyberexpress.com/linux-daemon-vulnerability-cve-2025-8067/