VMware Tools: Unprivileged Users Can Access Encrypted Disk Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

VMware Tools: Unprivileged Users Can Access Encrypted Disk Data

ALSA-2026:3476

Summary

A security update is available for VMware Tools, which is used to access and manage storage devices. If not updated, unauthorized users could potentially access sensitive data from encrypted disks. Apply the update to ensure security and prevent unauthorized access.

What to do

Update almalinux libudisks2 to version 2.10.90-6.el10_1.1.alma.1.
Update almalinux libudisks2-devel to version 2.10.90-6.el10_1.1.alma.1.
Update almalinux udisks2 to version 2.10.90-6.el10_1.1.alma.1.
Update almalinux udisks2-iscsi to version 2.10.90-6.el10_1.1.alma.1.
Update almalinux udisks2-lsm to version 2.10.90-6.el10_1.1.alma.1.
Update almalinux udisks2-lvm2 to version 2.10.90-6.el10_1.1.alma.1.

Affected software

Vendor	Product	Affected versions	Fix available
almalinux	libudisks2	<= 2.10.90-6.el10_1.1.alma.1	2.10.90-6.el10_1.1.alma.1
almalinux	libudisks2-devel	<= 2.10.90-6.el10_1.1.alma.1	2.10.90-6.el10_1.1.alma.1
almalinux	udisks2	<= 2.10.90-6.el10_1.1.alma.1	2.10.90-6.el10_1.1.alma.1
almalinux	udisks2-iscsi	<= 2.10.90-6.el10_1.1.alma.1	2.10.90-6.el10_1.1.alma.1
almalinux	udisks2-lsm	<= 2.10.90-6.el10_1.1.alma.1	2.10.90-6.el10_1.1.alma.1
almalinux	udisks2-lvm2	<= 2.10.90-6.el10_1.1.alma.1	2.10.90-6.el10_1.1.alma.1

Original title

Important: udisks2 security update

Original description

The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies.

Security Fix(es):

* udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API (CVE-2026-26104)
* udisks: Missing Authorization Check Allows Unprivileged Users to Restore LUKS Headers via udisks D-Bus API (CVE-2026-26103)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://access.redhat.com/errata/RHSA-2026:3476 Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-26103 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2026-26104 Third Party Advisory
https://bugzilla.redhat.com/2433717 Third Party Advisory
https://bugzilla.redhat.com/2433719 Third Party Advisory
https://errata.almalinux.org/10/ALSA-2026-3476.html Vendor Advisory

Published: 2 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026