{ "version": "1", "package": [ { "name": "udisks2", "layer": "meta-oe", "version": "2.10.2", "products": [ { "product": "udisks", "cvesInRecord": "Yes" } ], "issue": [ { "id": "CVE-2010-1149", "summary": "probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.", "scorev2": "2.1", "scorev3": "0.0", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2010-1149" }, { "id": "CVE-2010-4661", "summary": "udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.", "scorev2": "4.6", "scorev3": "7.8", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2010-4661" }, { "id": "CVE-2014-0004", "summary": "Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.", "scorev2": "6.9", "scorev3": "0.0", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2014-0004" }, { "id": "CVE-2018-17336", "summary": "UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.", "scorev2": "4.6", "scorev3": "7.8", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2018-17336" }, { "id": "CVE-2021-3802", "summary": "A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.", "scorev2": "6.3", "scorev3": "4.2", "scorev4": "0.0", "vector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2021-3802" }, { "id": "CVE-2026-26103", "summary": "A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.", "scorev2": "0.0", "scorev3": "7.1", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2026-26103" }, { "id": "CVE-2026-26104", "summary": "A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.", "scorev2": "0.0", "scorev3": "5.5", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2026-26104" } ] } ] }