vulnerability

Alma Linux: CVE-2025-6019: Important: libblockdev security update (Multiple Advisories)

Try Surface Command
Back to search
Severity
7
CVSS
(AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published
Jun 19, 2025
Added
Jul 3, 2025
Modified
Aug 11, 2025

Description

A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.

Solutions

alma-upgrade-libblockdevalma-upgrade-libblockdev-cryptoalma-upgrade-libblockdev-crypto-develalma-upgrade-libblockdev-develalma-upgrade-libblockdev-dmalma-upgrade-libblockdev-fsalma-upgrade-libblockdev-fs-develalma-upgrade-libblockdev-kbdalma-upgrade-libblockdev-loopalma-upgrade-libblockdev-loop-develalma-upgrade-libblockdev-lvmalma-upgrade-libblockdev-lvm-dbusalma-upgrade-libblockdev-lvm-develalma-upgrade-libblockdev-mdraidalma-upgrade-libblockdev-mdraid-develalma-upgrade-libblockdev-mpathalma-upgrade-libblockdev-nvdimmalma-upgrade-libblockdev-nvmealma-upgrade-libblockdev-partalma-upgrade-libblockdev-part-develalma-upgrade-libblockdev-plugins-allalma-upgrade-libblockdev-s390alma-upgrade-libblockdev-swapalma-upgrade-libblockdev-swap-develalma-upgrade-libblockdev-toolsalma-upgrade-libblockdev-utilsalma-upgrade-libblockdev-utils-develalma-upgrade-libblockdev-vdoalma-upgrade-libblockdev-vdo-develalma-upgrade-python3-blockdev

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today