CVE-2025-6019: time to update Linux
Quote: Researchers have found a vulnerability that allows attackers to get root privileges on most Linux distributions.
 
Researchers have published technical details and a proof of concept (PoC) for vulnerability CVE-2025-6019 in the libblockdev library, which allows an attacker to gain root privileges in most Linux distributions. Exploitation of this vulnerability has not been observed in the wild as yet, but since the PoC is freely available, attackers could start exploiting it at any time.

Under what conditions can CVE-2025-6019 be exploited?

The libblockdev library is used for low-level operations with block devices (e.g., hard disks) in Linux. The CVE-2025-6019 vulnerability is exploited by accessing the udisks2 daemon (used to manage storage devices) — provided that the attackers manage to obtain the privileges of the active user present on the computer (allow_active).

Almost all modern popular Linux builds include udisks, and enthusiasts have already tested the exploitability of the CVE-2025-6019 vulnerability on Ubuntu, Debian, Fedora and openSUSE. In theory, only the user physically using the computer can have allow_active privileges. However, in reality, an attacker may have the means to obtain allow_active remotely.

For example, the researchers who discovered CVE-2025-6019 initially demonstrated it in the exploitation chain, where allow_active privileges are obtained through another vulnerability — CVE-2025-6018 — which is contained in the configuration of pluggable authentication modules (PAMs). CVE-2025-6018 is present in at least openSUSE Leap 15 and SUSE Linux Enterprise 15, but may be relevant for other distributions as well.
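
As an added example (not part of the quoted article or the forum post), the following sketch lists which polkit actions a policy file grants without authentication to the active local session only, which is the `allow_active` condition the article describes. The policy text is a constructed sample, and the function names and the treatment of a missing element as "no" are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in polkit .policy layout; values are illustrative,
# not copied from any distribution's shipped policy.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.freedesktop.udisks2.filesystem-mount"><defaults>
    <allow_any>auth_admin</allow_any>
    <allow_active>yes</allow_active>
  </defaults></action>
  <action id="org.freedesktop.udisks2.modify-device"><defaults>
    <allow_any>auth_admin</allow_any>
    <allow_active>yes</allow_active>
  </defaults></action>
  <action id="org.freedesktop.udisks2.modify-system-configuration"><defaults>
    <allow_any>auth_admin</allow_any>
    <allow_active>auth_admin_keep</allow_active>
  </defaults></action>
  <action id="org.example.demo.refresh"><defaults>
    <allow_any>yes</allow_any>
    <allow_active>yes</allow_active>
  </defaults></action>
</policyconfig>"""

KEYS = ("allow_any", "allow_inactive", "allow_active")

def parse_defaults(policy_xml):
    """Map each action id to its implicit authorizations."""
    result = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        defaults = action.find("defaults")
        entry = {}
        for key in KEYS:
            node = defaults.find(key) if defaults is not None else None
            # Assumption of this example: a missing element counts as "no".
            entry[key] = (node.text or "").strip() if node is not None else "no"
        result[action.get("id")] = entry
    return result

def active_only_grants(policy_xml, prefix=""):
    """Actions granted without a password only to the active local session."""
    return sorted(
        action_id
        for action_id, d in parse_defaults(policy_xml).items()
        if action_id.startswith(prefix)
        and d["allow_active"] == "yes" and d["allow_any"] != "yes"
    )

if __name__ == "__main__":
    print(active_only_grants(SAMPLE_POLICY, "org.freedesktop.udisks2."))
```

On a real system the same functions can be fed the contents of the policy files under `/usr/share/polkit-1/actions/`; local rules in `/etc/polkit-1/rules.d/` can override these defaults and are not covered here.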
