Key vulnerability information

Vulnerability ID: Bug 2433717 (CVE-2026-26104)
Description: udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API
CVE ID: CVE-2026-26104
Status: NEW
Priority: medium
Severity: medium
Product: Security Response
Component: vulnerability
Operating system: Linux
Reported: 2026-01-28 07:49 UTC
Last modified: 2026-02-25 10:32 UTC

Vulnerability details

Description: Missing authorization (polkit) vulnerability in the org.freedesktop.UDisks2.Encrypted.HeaderBackup D-Bus method of udisks. The flaw is caused by the absence of a call to udisks_daemon_util_check_authorization_sync() in the handle_header_backup() handler. An unprivileged local user can invoke this system-bus method to cause the root-owned udisks daemon to call bd_crypto_luks_header_backup() and export LUKS headers and keyslot metadata to an arbitrary file path. This allows unauthorized disclosure of sensitive cryptographic material without authentication or user interaction.

Affected versions: unspecified
Depends on: #2442587, #2442588
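
An added example (not code from the udisks project or from this bug report): a small source audit that flags `handle_*` D-Bus handlers whose body never calls `udisks_daemon_util_check_authorization_sync()`, the omission described above. It generalizes from the one handler named here to every handler in a file; the C input is a constructed sample with simplified signatures, and `handle_unlock`, the `Obj`/`Inv` types and the `ACTION` placeholder are assumptions.

```python
import re

# Helper name taken from the advisory; each privileged handler is expected to call it.
AUTH_CALL = "udisks_daemon_util_check_authorization_sync"

# Constructed sample input, NOT udisks source: one handler with the check, one without.
SAMPLE = r'''
static gboolean
handle_unlock (Obj *o, Inv *inv)
{
  if (!udisks_daemon_util_check_authorization_sync (d, o, ACTION, inv))
    { /* a "}" in a comment or string must not end the body */ return TRUE; }
  do_unlock (o);
  return TRUE;
}

static gboolean
handle_header_backup (Obj *o, Inv *inv, const char *path)
{
  bd_crypto_luks_header_backup (dev (o), path, NULL);
  return TRUE;
}
'''

def strip_noise(src):
    """Blank out comments and string/char literals so their contents are ignored."""
    pattern = r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\''
    return re.sub(pattern, lambda m: " " * len(m.group()), src, flags=re.S)

def handler_bodies(src):
    """Yield (name, body) for every handle_*() function definition in src."""
    clean = strip_noise(src)
    for m in re.finditer(r'\b(handle_\w+)\s*\([^;{}()]*\)\s*\{', clean):
        depth, i = 1, m.end()
        while depth and i < len(clean):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(clean[i], 0)
            i += 1
        yield m.group(1), clean[m.end():i]

def unchecked_handlers(src):
    """Return the handlers whose body never references the authorization helper."""
    return [name for name, body in handler_bodies(src) if AUTH_CALL not in body]

if __name__ == "__main__":
    print(unchecked_handlers(SAMPLE))
```

A hit is a prompt for manual review rather than proof of a flaw, since a handler may delegate its authorization check to a helper function.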