diff --git a/0006-CVE-2025-8067.patch b/0006-CVE-2025-8067.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9cb1361894e328b2aeb2ff22ede42beef83c3cee
--- /dev/null
+++ b/0006-CVE-2025-8067.patch
@@ -0,0 +1,28 @@
+From 9ed2186f668c76aeb472de170d62b499d85a1915 Mon Sep 17 00:00:00 2001
+From: Marc Deslauriers <marc.deslauriers@canonical.com>
+Date: Tue, 15 Jul 2025 13:34:08 -0400
+Subject: [PATCH] udiskslinuxmanager: Add lower bounds check to fd_index
+
+Make sure fd_index isn't negative as this can lead to an OOB read
+resulting in a crash, or to exposing internal file descriptors.
+
+Reported by Michael Imfeld (born0monday).
+
+(cherry picked from commit 280b127124332c6436bc8273ef677f218b435593)
+---
+ src/udiskslinuxmanager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udiskslinuxmanager.c b/src/udiskslinuxmanager.c
+index 491edb92b..317d7ce6a 100644
+--- a/src/udiskslinuxmanager.c
++++ b/src/udiskslinuxmanager.c
+@@ -381,7 +381,7 @@ handle_loop_setup (UDisksManager          *object,
+     goto out;
+ 
+   fd_num = g_variant_get_handle (fd_index);
+-  if (fd_list == NULL || fd_num >= g_unix_fd_list_get_length (fd_list))
++  if (fd_list == NULL || fd_num < 0 || fd_num >= g_unix_fd_list_get_length (fd_list))
+     {
+       g_dbus_method_invocation_return_error (invocation,
+                                              UDISKS_ERROR,
diff --git a/udisks2.spec b/udisks2.spec
index 5045899bc90ea6072a75884fe4e8ad53d71adf1d..0ff38e71fd0290e90f9b29328af4798ece8099a9 100644
--- a/udisks2.spec
+++ b/udisks2.spec
@@ -19,7 +19,7 @@
 Name:    udisks2
 Summary: Disk Manager
 Version: 2.10.1
-Release: 6
+Release: 7
 License: GPL-2.0+ and LGPL-2.0+
 Group:   System Environment/Libraries
 URL:     https://github.com/storaged-project/udisks
@@ -30,6 +30,7 @@ Patch0002: 0002-udiskslinuxmanager-use-dbus-interface-after-free.patch
 Patch0003: 0003-udiskslinuxblock-Fix-leaking-string.patch
 Patch0004: 0004-fix-CVE-2025-6019-udiskslinuxfilesystemhelpers-mount-with-nosuid-nodev.patch
 Patch0005: 0005-helpers-fixed-memleak-and-misprint-check-for-creating-second-BDCrypto-context.patch
+Patch0006: 0006-CVE-2025-8067.patch
 
 BuildRequires: make
 BuildRequires: glib2-devel >= %{glib2_version}
@@ -320,6 +321,9 @@ fi
 
 
 %changelog
+* Wed Sep 03 2025 wangmian <wangmian19@h-partners.com> - 2.10.1-7
+- fix CVE-2025-8067
+
 * Thu Aug 21 2025 cenhuilin <cenhuilin@kylinos.cn> - 2.10.1-6
 - helpers: fixed memleak and misprint check for creating second BDCrypto context