udisks2: fix CVE-2025-8067

Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-8067 Upstream-patch: 9ed2186f66 Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-02 02:49:12 +00:00 · 2025-10-07 10:57:26 +05:30 · 2025-10-07 10:57:26 +05:30 · fbb3d46fad
commit fbb3d46fad
parent 9c51a98b4f
2 changed files with 40 additions and 1 deletions
--- a/meta-oe/recipes-support/udisks/udisks2/CVE-2025-8067.patch
+++ b/meta-oe/recipes-support/udisks/udisks2/CVE-2025-8067.patch
@ -0,0 +1,37 @@
+From 9ed2186f668c76aeb472de170d62b499d85a1915 Mon Sep 17 00:00:00 2001
+From: Marc Deslauriers <marc.deslauriers@canonical.com>
+Date: Tue, 15 Jul 2025 13:34:08 -0400
+Subject: [PATCH] udiskslinuxmanager: Add lower bounds check to fd_index
+
+CVE: CVE-2025-8067
+
+Make sure fd_index isn't negative as this can lead to an OOB read
+resulting in a crash, or to exposing internal file descriptors.
+
+Reported by Michael Imfeld (born0monday).
+
+(cherry picked from commit 280b127124332c6436bc8273ef677f218b435593)
+
+Upstream-Status: Backport
+[https://github.com/storaged-project/udisks/commit/9ed2186f668c76aeb472de170d62b499d85a1915]
+
+Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
+---
+ src/udiskslinuxmanager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udiskslinuxmanager.c b/src/udiskslinuxmanager.c
+index 7a614f44..76694cfd 100644
+--- a/src/udiskslinuxmanager.c
+++ b/src/udiskslinuxmanager.c
+@@ -359,7 +359,7 @@ handle_loop_setup (UDisksManager          *object,
+     goto out;
+
+   fd_num = g_variant_get_handle (fd_index);
+-  if (fd_list == NULL || fd_num >= g_unix_fd_list_get_length (fd_list))
+  if (fd_list == NULL || fd_num < 0 || fd_num >= g_unix_fd_list_get_length (fd_list))
+     {
+       g_dbus_method_invocation_return_error (invocation,
+                                              UDISKS_ERROR,
+--
+2.39.4
--- a/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
+++ b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
@ -18,7 +18,9 @@ DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
 RDEPENDS:${PN} = "acl"

 SRC_URI = "git://github.com/storaged-project/udisks.git;branch=2.9.x-branch;protocol=https \
-           file://CVE-2025-6019.patch "
+           file://CVE-2025-6019.patch \
+           file://CVE-2025-8067.patch "
+
 SRCREV = "001c486e6d099ed33e2de4f5c73c03e3ee180f81"
 S = "${WORKDIR}/git"