rpm package
opensuse/udisks2&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/udisks2&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-26104 | — | < 2.11.0-2.1 | 2.11.0-2.1 | Feb 25, 2026 | A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a | ||
| CVE-2026-26103 | — | < 2.11.0-2.1 | 2.11.0-2.1 | Feb 25, 2026 | A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption meta | ||
| CVE-2025-8067 | Hig | 8.5 | < 2.10.1-4.1 | 2.10.1-4.1 | Aug 28, 2025 | A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the | |
| CVE-2018-17336 | Hig | 7.8 | < 2.9.2-1.6 | 2.9.2-1.6 | Sep 22, 2018 | UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demo | |
| CVE-2014-0004 | — | < 2.1.8-1.1 | 2.1.8-1.1 | Mar 11, 2014 | Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. |
- CVE-2026-26104Feb 25, 2026affected < 2.11.0-2.1fixed 2.11.0-2.1
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a
- CVE-2026-26103Feb 25, 2026affected < 2.11.0-2.1fixed 2.11.0-2.1
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption meta
- affected < 2.10.1-4.1fixed 2.10.1-4.1
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the
- affected < 2.9.2-1.6fixed 2.9.2-1.6
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demo
- CVE-2014-0004Mar 11, 2014affected < 2.1.8-1.1fixed 2.1.8-1.1
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.