CVE-2025-6019
Description
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
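A defender-side audit of the mount flags named above, as an added example that is not part of the original advisory or of libblockdev/udisks: it parses `/proc/self/mountinfo`-format text and reports image-backed mounts that lack nosuid or nodev. Treating a `/dev/loop*` source as "image-backed" is an assumption of this example, and the sample lines are constructed.

```python
import re

REQUIRED_FLAGS = {"nosuid", "nodev"}  # the hardening flags the description names

def _unescape(field):
    # mountinfo encodes space, tab, newline and backslash as octal escapes (\040 ...)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Parse mountinfo lines into dicts; malformed lines are skipped."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        try:
            sep = fields.index("-", 6)  # optional fields end at a lone "-"
        except ValueError:
            continue
        if len(fields) < sep + 3:
            continue
        mounts.append({
            "mount_point": _unescape(fields[4]),
            "options": set(fields[5].split(",")),
            "fstype": fields[sep + 1],
            "source": _unescape(fields[sep + 2]),
        })
    return mounts

def find_unhardened_image_mounts(text, source_prefix="/dev/loop"):
    """Return (mount_point, fstype, missing_flags) for image-backed mounts
    that are missing nosuid and/or nodev. source_prefix is an assumption."""
    findings = []
    for m in parse_mountinfo(text):
        missing = REQUIRED_FLAGS - m["options"]
        if m["source"].startswith(source_prefix) and missing:
            findings.append((m["mount_point"], m["fstype"], sorted(missing)))
    return findings

# Constructed sample input (not captured from a real system).
SAMPLE = """\
25 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
310 25 7:0 / /run/media/alice/usb rw,nosuid,nodev,relatime shared:170 - xfs /dev/loop0 rw,attr2
311 25 7:1 / /tmp/example\\040mnt rw,relatime - xfs /dev/loop1 rw,attr2
"""

if __name__ == "__main__":
    with open("/proc/self/mountinfo") as fh:
        for finding in find_unhardened_image_mounts(fh.read()):
            print(finding)
```

Other loop-backed mounts that legitimately omit nosuid (some package-image mounts, for instance) will also be reported and need triage.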
Affected products (67)
osv-coords, 66 versions:
- pkg:rpm/almalinux/libblockdev (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-crypto (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-crypto-devel (no CPE), range: < 2.28-7.el8_10
- pkg:rpm/almalinux/libblockdev-devel (no CPE), range: < 2.28-7.el8_10
- pkg:rpm/almalinux/libblockdev-dm (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-dm-devel (no CPE), range: < 2.28-6.el8.alma.1
- pkg:rpm/almalinux/libblockdev-fs (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-fs-devel (no CPE), range: < 2.28-7.el8_10
- pkg:rpm/almalinux/libblockdev-kbd (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-kbd-devel (no CPE), range: < 2.28-6.el8.alma.1
- pkg:rpm/almalinux/libblockdev-loop (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-loop-devel (no CPE), range: < 2.28-7.el8_10
- pkg:rpm/almalinux/libblockdev-lvm (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-lvm-dbus (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-lvm-dbus-devel (no CPE), range: < 2.28-6.el8.alma.1
- pkg:rpm/almalinux/libblockdev-lvm-devel (no CPE), range: < 2.28-7.el8_10
- pkg:rpm/almalinux/libblockdev-mdraid (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-mdraid-devel (no CPE), range: < 2.28-7.el8_10
- pkg:rpm/almalinux/libblockdev-mpath (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-mpath-devel (no CPE), range: < 2.28-6.el8.alma.1
- pkg:rpm/almalinux/libblockdev-nvdimm (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-nvdimm-devel (no CPE), range: < 2.28-6.el8.alma.1
- pkg:rpm/almalinux/libblockdev-nvme (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-nvme-devel (no CPE), range: < 2.28-13.el9_6.alma.1
- pkg:rpm/almalinux/libblockdev-part (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-part-devel (no CPE), range: < 2.28-7.el8_10
- pkg:rpm/almalinux/libblockdev-plugins-all (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-s390 (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-s390-devel (no CPE), range: < 2.28-6.el8.alma.1
- pkg:rpm/almalinux/libblockdev-smart (no CPE), range: < 3.2.0-4.el10_0
- pkg:rpm/almalinux/libblockdev-smart-devel (no CPE), range: < 3.2.0-3.el10_0.alma.1
- pkg:rpm/almalinux/libblockdev-smartmontools (no CPE), range: < 3.2.0-4.el10_0
- pkg:rpm/almalinux/libblockdev-smartmontools-devel (no CPE), range: < 3.2.0-3.el10_0.alma.1
- pkg:rpm/almalinux/libblockdev-swap (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-swap-devel (no CPE), range: < 2.28-7.el8_10
- pkg:rpm/almalinux/libblockdev-tools (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-utils (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/almalinux/libblockdev-utils-devel (no CPE), range: < 2.28-7.el8_10
- pkg:rpm/almalinux/libblockdev-vdo (no CPE), range: < 2.28-7.el8_10
- pkg:rpm/almalinux/libblockdev-vdo-devel (no CPE), range: < 2.28-7.el8_10
- pkg:rpm/almalinux/python3-blockdev (no CPE), range: < 2.28-14.el9_6
- pkg:rpm/opensuse/libblockdev&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/opensuse/libblockdev&distro=openSUSE%20Tumbleweed (no CPE), range: < 3.1.1-2.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Enterprise%20Storage%207.1 (no CPE), range: < 2.22-150200.3.3.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE), range: < 2.22-150200.3.3.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7 (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS (no CPE), range: < 2.22-150200.3.3.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 (no CPE), range: < 2.22-150200.3.3.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Micro%206.0 (no CPE), range: < 2.28-2.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Linux%20Micro%206.1 (no CPE), range: < 2.28-slfo.1.1_2.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Manager%20Proxy%204.3 (no CPE), range: < 2.26-150400.3.5.1
- pkg:rpm/suse/libblockdev&distro=SUSE%20Manager%20Server%204.3 (no CPE), range: < 2.26-150400.3.5.1
References (20)
- www.openwall.com/lists/oss-security/2025/06/17/5 (nvd)
- www.openwall.com/lists/oss-security/2025/06/17/6 (nvd)
- www.openwall.com/lists/oss-security/2025/06/18/1 (nvd)
- access.redhat.com/errata/RHSA-2025:10796 (nvd)
- access.redhat.com/errata/RHSA-2025:9320 (nvd)
- access.redhat.com/errata/RHSA-2025:9321 (nvd)
- access.redhat.com/errata/RHSA-2025:9322 (nvd)
- access.redhat.com/errata/RHSA-2025:9323 (nvd)
- access.redhat.com/errata/RHSA-2025:9324 (nvd)
- access.redhat.com/errata/RHSA-2025:9325 (nvd)
- access.redhat.com/errata/RHSA-2025:9326 (nvd)
- access.redhat.com/errata/RHSA-2025:9327 (nvd)
- access.redhat.com/errata/RHSA-2025:9328 (nvd)
- access.redhat.com/errata/RHSA-2025:9878 (nvd)
- access.redhat.com/security/cve/CVE-2025-6019 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt (nvd)
- lists.debian.org/debian-lts-announce/2025/06/msg00018.html (nvd)
- news.ycombinator.com/item (nvd)
- www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/ (nvd)