{"id":"CVE-2025-6019","details":"A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the \"allow_active\" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an \"allow_active\" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.","modified":"2026-04-16T04:32:52.097649606Z","published":"2025-06-19T12:15:19Z","related":["ALSA-2025:9327","ALSA-2025:9328","ALSA-2025:9878","ALSA-2025:A004","ALSA-2025:A005","ALSA-2025:A006","SUSE-SU-2025:02043-1","SUSE-SU-2025:02044-1","SUSE-SU-2025:20426-1","SUSE-SU-2025:20440-1","openSUSE-SU-2025:15237-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:10796"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9320"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9321"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9322"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9323"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9324"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9325"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9326"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9327"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9328"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9878"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370051"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2025-6019"},{"type":"WEB","url":"https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/06/17/5"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/06/17/6"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/06/18/1"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html"},{"type":"WEB","url":"https://news.ycombinator.com/item?id=44325861"},{"type":"WEB","url":"https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/"}],"schema_version":"1.7.5"}