[USN-7723-1] UDisks vulnerability

Thu Aug 28 22:45:24 UTC 2025

==========================================================================
Ubuntu Security Notice USN-7723-1
August 28, 2025

udisks2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

UDisks could be made to crash or run programs if it received specially
crafted input.

Software Description:
- udisks2: service to access and manipulate storage devices

Details:

Michael Imfeld discovered that UDisks did not check the validity of input
data correctly when handling files for loop devices. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libudisks2-0                    2.10.1-11ubuntu2.3
  udisks2                         2.10.1-11ubuntu2.3

Ubuntu 24.04 LTS
  libudisks2-0                    2.10.1-6ubuntu1.3
  udisks2                         2.10.1-6ubuntu1.3

Ubuntu 22.04 LTS
  libudisks2-0                    2.9.4-1ubuntu2.3
  udisks2                         2.9.4-1ubuntu2.3

Ubuntu 20.04 LTS
  libudisks2-0                    2.8.4-1ubuntu2+esm2
                                  Available with Ubuntu Pro
  udisks2                         2.8.4-1ubuntu2+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libudisks2-0                    2.7.6-3ubuntu0.2+esm2
                                  Available with Ubuntu Pro
  udisks2                         2.7.6-3ubuntu0.2+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libudisks2-0                    2.1.7-1ubuntu1+esm1
                                  Available with Ubuntu Pro
  udisks2                         2.1.7-1ubuntu1+esm1
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libudisks2-0                    2.1.3-1ubuntu0.1+esm1
                                  Available with Ubuntu Pro
  udisks2                         2.1.3-1ubuntu0.1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7723-1
  CVE-2025-8067

Package Information:
  https://launchpad.net/ubuntu/+source/udisks2/2.10.1-11ubuntu2.3
  https://launchpad.net/ubuntu/+source/udisks2/2.10.1-6ubuntu1.3
  https://launchpad.net/ubuntu/+source/udisks2/2.9.4-1ubuntu2.3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250828/bf7e4905/attachment.sig>