GCVE - cpe:2.3:a:freedesktop:udisks:2.0.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:freedesktop:udisks:2.0.0:*:*:*:*:*:*:*

part: a version: 2.0.0 update: *

Vendor	Freedesktop (`2c544e5d-e68e-5b35-a616-dc08f0ba697e`)
Product	Udisks (`272b9133-95ca-52b0-93a8-badb7e71755f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/udisks2`	purl2cpe	2026-06-01 10:14:04.217903
`pkg:deb/ubuntu/udisks2`	purl2cpe	2026-06-01 10:14:04.217904
`pkg:github/storaged-project/udisks`	purl2cpe	2026-06-01 10:14:04.217906
`pkg:gitlab/redhat/udisks2`	purl2cpe	2026-06-01 10:14:04.217907
`pkg:rpm/centos/udisks2`	purl2cpe	2026-06-01 10:14:04.217909
`pkg:rpm/fedora/udisks2`	purl2cpe	2026-06-01 10:14:04.217910
`pkg:rpm/opensuse/udisks2`	purl2cpe	2026-06-01 10:14:04.217911

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-26104`	vulnerable	2026-06-03 15:18:04.754968	Udisks: missing authorization check allows unprivileged users to back up luks headers via udisks d-bus api MEDIUM (5.5) A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes. Published: 2026-02-25T10:51:15.204Z Updated: 2026-03-25T18:52:14.488Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2026:3476 https://access.redhat.com/errata/RHSA-2026:5831 https://access.redhat.com/security/cve/CVE-2026-26104 https://bugzilla.redhat.com/show_bug.cgi?id=2433717 https://github.com/storaged-project/udisks/security/advisories/GHSA-fcvx-497g-6xmw	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-26103`	vulnerable	2026-06-03 15:18:04.754349	Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api HIGH (7.1) A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss. Published: 2026-02-25T10:31:50.913Z Updated: 2026-03-25T18:52:14.387Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2026:3476 https://access.redhat.com/errata/RHSA-2026:5831 https://access.redhat.com/security/cve/CVE-2026-26103 https://bugzilla.redhat.com/show_bug.cgi?id=2433719 https://github.com/storaged-project/udisks/security/advisories/GHSA-c75h-phf8-ccjm	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-0004`	vulnerable	2026-06-03 14:33:35.964887	Details available Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. Published: 2014-03-11T15:00:00.000Z Updated: 2024-08-06T08:58:26.565Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html http://rhn.redhat.com/errata/RHSA-2014-0293.html http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.