From 523ca58cf2f9e51c1a83c84be9e8a9a650be0d98 Mon Sep 17 00:00:00 2001
From: Wang_M <815543835@qq.com>
Date: Wed, 3 Sep 2025 03:28:49 +0000
Subject: [PATCH] fix CVE-2025-8067
(cherry picked from commit 2f8c9dc19db9457786cee744d6a6a72733c237e7)
---
 0006-CVE-2025-8067.patch | 28 ++++++++++++++++++++++++++++
 udisks2.spec | 6 +++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 0006-CVE-2025-8067.patch
diff --git a/0006-CVE-2025-8067.patch b/0006-CVE-2025-8067.patch
new file mode 100644
index 0000000..9cb1361
--- /dev/null
+++ b/0006-CVE-2025-8067.patch
@@ -0,0 +1,28 @@
+From 9ed2186f668c76aeb472de170d62b499d85a1915 Mon Sep 17 00:00:00 2001
+From: Marc Deslauriers
+Date: Tue, 15 Jul 2025 13:34:08 -0400
+Subject: [PATCH] udiskslinuxmanager: Add lower bounds check to fd_index
+
+Make sure fd_index isn't negative as this can lead to an OOB read
+resulting in a crash, or to exposing internal file descriptors.
+
+Reported by Michael Imfeld (born0monday).
+
+(cherry picked from commit 280b127124332c6436bc8273ef677f218b435593)
+---
+ src/udiskslinuxmanager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udiskslinuxmanager.c b/src/udiskslinuxmanager.c
+index 491edb92b..317d7ce6a 100644
+--- a/src/udiskslinuxmanager.c
++++ b/src/udiskslinuxmanager.c
+@@ -381,7 +381,7 @@ handle_loop_setup (UDisksManager *object,
+ goto out;
+
+ fd_num = g_variant_get_handle (fd_index);
+- if (fd_list == NULL || fd_num >= g_unix_fd_list_get_length (fd_list))
++ if (fd_list == NULL || fd_num < 0 || fd_num >= g_unix_fd_list_get_length (fd_list))
+ {
+ g_dbus_method_invocation_return_error (invocation,
+ UDISKS_ERROR,
diff --git a/udisks2.spec b/udisks2.spec
index 5045899..0ff38e7 100644
--- a/udisks2.spec
+++ b/udisks2.spec
@@ -19,7 +19,7 @@
 Name: udisks2
 Summary: Disk Manager
 Version: 2.10.1
-Release: 6
+Release: 7
 License: GPL-2.0+ and LGPL-2.0+
 Group: System Environment/Libraries
 URL: https://github.com/storaged-project/udisks
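Review bot: The added `fd_num < 0` test in handle_loop_setup (src/udiskslinuxmanager.c, carried inside 0006-CVE-2025-8067.patch) has no comment saying that fd_index is supplied by the D-Bus caller, so the reason for the lower bound lives only in the commit message. I would put `/* fd_index is caller-supplied: reject negative or out-of-range handles before it is used to look up a descriptor */` directly above the `if`, so a later refactor does not drop the check. The guard is also only effective if fd_num is a signed integer; its declaration is outside the hunk, so confirm that against the 2.10.1 source this backport applies to. The function body continues past the hunk, and nothing in this package change exercises the new branch, so a regression check that a negative handle gets the error reply would be worth adding to the package's test run.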
@@ -30,6 +30,7 @@ Patch0002: 0002-udiskslinuxmanager-use-dbus-interface-after-free.patch
 Patch0003: 0003-udiskslinuxblock-Fix-leaking-string.patch
 Patch0004: 0004-fix-CVE-2025-6019-udiskslinuxfilesystemhelpers-mount-with-nosuid-nodev.patch
 Patch0005: 0005-helpers-fixed-memleak-and-misprint-check-for-creating-second-BDCrypto-context.patch
+Patch0006: 0006-CVE-2025-8067.patch
 BuildRequires: make
 BuildRequires: glib2-devel >= %{glib2_version}
@@ -320,6 +321,9 @@ fi
 %changelog
+* Wed Sep 03 2025 wangmian - 2.10.1-7
+- fix CVE-2025-8067
+
 * Thu Aug 21 2025 cenhuilin - 2.10.1-6
 - helpers: fixed memleak and misprint check for creating second BDCrypto context
-- Gitee