← volver
CVE-2025-6019

Libblockdev: lpe from allow_active to root in libblockdev via udisks

CVSS 7 HIGHEPSS 0.4%CWE-250
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
libblockdevRed Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat · Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.4 Extended Update Support

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2025:10796https://access.redhat.com/errata/RHSA-2025:9320https://access.redhat.com/errata/RHSA-2025:9321https://access.redhat.com/errata/RHSA-2025:9322https://access.redhat.com/errata/RHSA-2025:9323https://access.redhat.com/errata/RHSA-2025:9324https://access.redhat.com/errata/RHSA-2025:9325https://access.redhat.com/errata/RHSA-2025:9326https://access.redhat.com/errata/RHSA-2025:9327https://access.redhat.com/errata/RHSA-2025:9328https://access.redhat.com/errata/RHSA-2025:9878https://access.redhat.com/security/cve/CVE-2025-6019