CVE-2025-6019
Libblockdev: lpe from allow_active to root in libblockdev via udisks
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Libblockdev: lpe from allow_active to root in libblockdev via udisks
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
Reserved 2025-06-11 | Published 2025-06-19 | Updated 2025-06-19 | Assigner redhatExecution with Unnecessary Privileges
| 2025-06-03: | Reported to Red Hat. |
| 2025-06-17: | Made public. |
access.redhat.com/security/cve/CVE-2025-6019
bugzilla.redhat.com/show_bug.cgi?id=2370051 (RHBZ#2370051)
Support options
