Freedesktop Udisks vulnerabilities
5 known vulnerabilities affecting freedesktop/udisks.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2, LOW 1
Vulnerabilities
CVE-2026-26103 [HIGH] CWE-862, CVSS 7.1, v2.0.0, 2026-02-25
A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys an
nvd
CVE-2026-26104 [MEDIUM] CWE-862, CVSS 5.5, v2.0.0, 2026-02-25
A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to at
nvd
CVE-2018-17336 [HIGH] CWE-134, CVSS 7.8, v2.8.0, 2018-09-22
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.
nvd
CVE-2014-0004 [MEDIUM] CWE-119, CVSS 6.9, ≤ 1.0.4, v1.0 +9 more, 2014-03-11
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.
nvd
CVE-2010-1149 [LOW] CWE-200, CVSS 2.1, ≤ 1.0, 2010-04-12
probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a certain file under /dev/.udev/db/.
nvd