[meta-oe,Kirkstone,1/1] udisks2: fix CVE-2025-8067

Message ID 20251007052726.2425336-1-saravanan.kadambathursubramaniyam@windriver.com
State New

Commit Message

Saravanan Oct. 7, 2025, 5:27 a.m. UTC
Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-8067

Upstream-patch:
https://github.com/storaged-project/udisks/commit/9ed2186f668c76aeb472de170d62b499d85a1915

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
---
 .../udisks/udisks2/CVE-2025-8067.patch        | 37 +++++++++++++++++++
 .../recipes-support/udisks/udisks2_2.9.4.bb   |  4 +-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-support/udisks/udisks2/CVE-2025-8067.patch

Patch

diff --git a/meta-oe/recipes-support/udisks/udisks2/CVE-2025-8067.patch b/meta-oe/recipes-support/udisks/udisks2/CVE-2025-8067.patch
new file mode 100644
index 0000000000..93e79c1e18
--- /dev/null
+++ b/meta-oe/recipes-support/udisks/udisks2/CVE-2025-8067.patch
@@ -0,0 +1,37 @@ 
+From 9ed2186f668c76aeb472de170d62b499d85a1915 Mon Sep 17 00:00:00 2001
+From: Marc Deslauriers <marc.deslauriers@canonical.com>
+Date: Tue, 15 Jul 2025 13:34:08 -0400
+Subject: [PATCH] udiskslinuxmanager: Add lower bounds check to fd_index
+
+CVE: CVE-2025-8067
+
+Make sure fd_index isn't negative as this can lead to an OOB read
+resulting in a crash, or to exposing internal file descriptors.
+
+Reported by Michael Imfeld (born0monday).
+
+(cherry picked from commit 280b127124332c6436bc8273ef677f218b435593)
+
+Upstream-Status: Backport
+[https://github.com/storaged-project/udisks/commit/9ed2186f668c76aeb472de170d62b499d85a1915]
+
+Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
+---
+ src/udiskslinuxmanager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udiskslinuxmanager.c b/src/udiskslinuxmanager.c
+index 7a614f44..76694cfd 100644
+--- a/src/udiskslinuxmanager.c
++++ b/src/udiskslinuxmanager.c
+@@ -359,7 +359,7 @@ handle_loop_setup (UDisksManager          *object,
+     goto out;
+
+   fd_num = g_variant_get_handle (fd_index);
+-  if (fd_list == NULL || fd_num >= g_unix_fd_list_get_length (fd_list))
++  if (fd_list == NULL || fd_num < 0 || fd_num >= g_unix_fd_list_get_length (fd_list))
+     {
+       g_dbus_method_invocation_return_error (invocation,
+                                              UDISKS_ERROR,
+--
+2.39.4
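Review bot: in the embedded patch header, the `CVE: CVE-2025-8067` tag sits at the top of the commit body, ahead of upstream's description; it would read better in the trailer block next to `Upstream-Status:` and `Signed-off-by:`, so that the upstream message stays unmodified down to the cherry-pick line. The code change itself matches that description: the added `fd_num < 0` test closes the gap in a check that previously compared the handle index only against the upper bound `g_unix_fd_list_get_length (fd_list)`, so a negative index now takes the same error path as an index that is too large.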
diff --git a/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
index 10d564658c..979b0efae7 100644
--- a/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
+++ b/meta-oe/recipes-support/udisks/udisks2_2.9.4.bb
@@ -18,7 +18,9 @@  DEPENDS += "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
 RDEPENDS:${PN} = "acl"
 
 SRC_URI = "git://github.com/storaged-project/udisks.git;branch=2.9.x-branch;protocol=https \
-           file://CVE-2025-6019.patch "
+           file://CVE-2025-6019.patch \
+           file://CVE-2025-8067.patch "
+
 SRCREV = "001c486e6d099ed33e2de4f5c73c03e3ee180f81"
 S = "${WORKDIR}/git"
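Review bot: the blank line added after the closing quote of `SRC_URI` is an unrelated whitespace change and can be dropped, leaving `SRCREV` directly after `SRC_URI` as it was. The new `file://CVE-2025-8067.patch "` entry also carries over the trailing space before the closing quote from the old line; it is harmless, but could be tidied while the line is being touched.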