cve-2025-6019
Vulnerability from cvelistv5
Published
2025-06-19 11:55
Modified
2025-06-24 03:55
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Libblockdev: lpe from allow_active to root in libblockdev via udisks
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:9320
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:9321
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:9322
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:9323
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:9324
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:9325
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:9326
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:9327
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:9328
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-6019
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2370051
secalert@redhat.comhttps://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2025/06/17/5
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2025/06/17/6
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2025/06/18/1
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html
af854a3a-2127-422b-91ae-364da2661108https://news.ycombinator.com/item?id=44325861
af854a3a-2127-422b-91ae-364da2661108https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/
Impacted products
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Red HatRed Hat Enterprise Linux 9
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-06-23T13:39:55.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/06/17/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/06/17/6"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/06/18/1"
          },
          {
            "url": "https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/"
          },
          {
            "url": "https://news.ycombinator.com/item?id=44325861"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6019",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-24T03:55:33.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.0-4.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.19-13.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.24-6.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.24-9.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.24-9.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.24-9.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.28-3.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.28-14.el9_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.25-12.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.28-5.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.28-11.el9_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libblockdev",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-06-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the \"allow_active\" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an \"allow_active\" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation.  However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-23T06:29:35.291Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:9320",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9320"
        },
        {
          "name": "RHSA-2025:9321",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9321"
        },
        {
          "name": "RHSA-2025:9322",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9322"
        },
        {
          "name": "RHSA-2025:9323",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9323"
        },
        {
          "name": "RHSA-2025:9324",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9324"
        },
        {
          "name": "RHSA-2025:9325",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9325"
        },
        {
          "name": "RHSA-2025:9326",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9326"
        },
        {
          "name": "RHSA-2025:9327",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9327"
        },
        {
          "name": "RHSA-2025:9328",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9328"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-6019"
        },
        {
          "name": "RHBZ#2370051",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370051"
        },
        {
          "url": "https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-03T15:58:30.591000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-06-17T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Libblockdev: lpe from allow_active to root in libblockdev via udisks",
      "workarounds": [
        {
          "lang": "en",
          "value": "Currently, no mitigation is available for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-250: Execution with Unnecessary Privileges"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-6019",
    "datePublished": "2025-06-19T11:55:57.380Z",
    "dateReserved": "2025-06-11T22:14:52.625Z",
    "dateUpdated": "2025-06-24T03:55:33.066Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-6019\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-06-19T12:15:19.727\",\"lastModified\":\"2025-06-23T20:16:59.783\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the \\\"allow_active\\\" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an \\\"allow_active\\\" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation.  However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad de Escalada de Privilegios Locales (LPE) en libblockdev. Generalmente, la configuraci\u00f3n \\\"allow_active\\\" de Polkit permite a un usuario f\u00edsicamente presente realizar ciertas acciones seg\u00fan el tipo de sesi\u00f3n. Debido a la forma en que libblockdev interact\u00faa con el daemon udisks, un usuario \\\"allow_active\\\" en un sistema puede escalar a privilegios de root completos en el host objetivo. Normalmente, udisks monta im\u00e1genes del sistema de archivos proporcionadas por el usuario con indicadores de seguridad como nosuid y nodev para evitar la escalada de privilegios. Sin embargo, un atacante local puede crear una imagen XFS especialmente manipulada que contenga un shell SUID-root y luego enga\u00f1ar a udisks para que la redimensione. Esto monta su sistema de archivos malicioso con privilegios de root, lo que le permite ejecutar su shell SUID-root y obtener el control total del sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-250\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:9320\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:9321\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:9322\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:9323\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:9324\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:9325\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:9326\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:9327\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:9328\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-6019\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2370051\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/06/17/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/06/17/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/06/18/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://news.ycombinator.com/item?id=44325861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.