udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitiv...

Important: Red Hat Security Advisory: udisks2 security update

An update for udisks2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVE-2026-26103

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

CVE-2026-26103 Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

EUVD-2021-33997

Malicious code in bioql PyPI...

EUVD-2022-3763

Malicious code in bioql PyPI...

RHEL 7 : openstack-nova (RHSA-2018:2332)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2332 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 7 : openstack-nova (RHSA-2018:2714)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2714 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

Rocky Linux 8 : cryptsetup (RLSA-2022:0370)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0370 advisory. - It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical...

EulerOS Virtualization 2.11.1 : cryptsetup (EulerOS-SA-2023-2033)

According to the versions of the cryptsetup packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the...

EulerOS Virtualization 2.11.0 : cryptsetup (EulerOS-SA-2023-2085)

According to the versions of the cryptsetup packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the...

Amazon Linux 2023 : cryptsetup, cryptsetup-devel, cryptsetup-libs (ALAS2023-2023-027)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-027 advisory. It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk...

SUSE CVE-2017-18191

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. The same code error...

SUSE CVE-2021-4122

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that...

Huawei EulerOS: Security Advisory for cryptsetup (EulerOS-SA-2023-1004)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for cryptsetup (EulerOS-SA-2023-1029)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : cryptsetup (EulerOS-SA-2023-1029)

According to the versions of the cryptsetup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An...

Huawei EulerOS: Security Advisory for cryptsetup (EulerOS-SA-2022-2870)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.1 : cryptsetup (EulerOS-SA-2022-2888)

According to the versions of the cryptsetup packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the...

EulerOS Virtualization 2.10.0 : cryptsetup (EulerOS-SA-2022-2870)

According to the versions of the cryptsetup packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the...