Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2026:3476

Опубликовано: 05 мар. 2026
Источник: rocky
Оценка: Important

Описание

Important: udisks2 security update

The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies.

Security Fix(es):

  • udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API (CVE-2026-26104)

  • udisks: Missing Authorization Check Allows Unprivileged Users to Restore LUKS Headers via udisks D-Bus API (CVE-2026-26103)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 10

НаименованиеАрхитектураРелизRPM
udisks2x86_646.el10_1.1udisks2-2.10.90-6.el10_1.1.x86_64.rpm
udisks2-iscsix86_646.el10_1.1udisks2-iscsi-2.10.90-6.el10_1.1.x86_64.rpm
udisks2-lsmx86_646.el10_1.1udisks2-lsm-2.10.90-6.el10_1.1.x86_64.rpm
udisks2-lvm2x86_646.el10_1.1udisks2-lvm2-2.10.90-6.el10_1.1.x86_64.rpm
libudisks2x86_646.el10_1.1libudisks2-2.10.90-6.el10_1.1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2026-26103
CVE-2026-26104

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2026-3476

oracle-oval
26 дней назад

ELSA-2026-3476: udisks2 security update (IMPORTANT)

ubuntu логотип

CVE-2026-26104

CVSS3: 5.5
ubuntu
около 1 месяца назад

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.

redhat логотип

CVE-2026-26104

CVSS3: 5.5
redhat
около 1 месяца назад

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.

nvd логотип

CVE-2026-26104

CVSS3: 5.5
nvd
около 1 месяца назад

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.

debian логотип

CVE-2026-26104

CVSS3: 5.5
debian
около 1 месяца назад

A flaw was found in the udisks storage management daemon that allows u ...