Описание
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.
Отчет
The Red Hat Product Security team has assessed the severity of this vulnerability as Moderate. Exploitation requires local access but no authentication or user interaction. Successful exploitation enables unauthorized disclosure of LUKS encryption metadata, which may assist offline password-cracking or cryptographic analysis attacks. The vulnerability is caused by a missing authorization check on a privileged D-Bus method that performs sensitive read operations.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | udisks | Not affected | ||
| Red Hat Enterprise Linux 7 | udisks2 | Not affected | ||
| Red Hat Enterprise Linux 8 | udisks2 | Not affected | ||
| Red Hat Enterprise Linux 9 | udisks2 | Not affected | ||
| Red Hat Enterprise Linux 10 | udisks2 | Fixed | RHSA-2026:3476 | 02.03.2026 |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.
A flaw was found in the udisks storage management daemon that allows u ...
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.
5.5 Medium
CVSS3