Red Hat has disclosed a critical security flaw in the Udisks daemon that allows unprivileged users to exploit an out-of-bounds read vulnerability and gain access to files owned by privileged accounts.
The vulnerability, tracked as CVE-2025-8067, was publicly released on August 28, 2025, and has been classified with an Important severity rating by Red Hat Product Security.
Under normal operation, the Udisks daemon provides a D-BUS interface for managing storage devices, including the creation and removal of loop devices.
https://gbhackers.com/linux-udisks-daem ... erability/