vulnerability

Amazon Linux AMI 2: CVE-2025-6019: Security patch for libblockdev, udisks2 (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:H/Au:S/C:C/I:C/A:C)	Jun 19, 2025	Jun 25, 2025	Jun 26, 2025

Severity

CVSS

(AV:L/AC:H/Au:S/C:C/I:C/A:C)

Published

Jun 19, 2025

Added

Jun 25, 2025

Modified

Jun 26, 2025

Description

A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.

Solutions

amazon-linux-ami-2-upgrade-libblockdevamazon-linux-ami-2-upgrade-libblockdev-btrfsamazon-linux-ami-2-upgrade-libblockdev-btrfs-develamazon-linux-ami-2-upgrade-libblockdev-cryptoamazon-linux-ami-2-upgrade-libblockdev-crypto-develamazon-linux-ami-2-upgrade-libblockdev-debuginfoamazon-linux-ami-2-upgrade-libblockdev-develamazon-linux-ami-2-upgrade-libblockdev-dmamazon-linux-ami-2-upgrade-libblockdev-dm-develamazon-linux-ami-2-upgrade-libblockdev-fsamazon-linux-ami-2-upgrade-libblockdev-fs-develamazon-linux-ami-2-upgrade-libblockdev-kbdamazon-linux-ami-2-upgrade-libblockdev-kbd-develamazon-linux-ami-2-upgrade-libblockdev-loopamazon-linux-ami-2-upgrade-libblockdev-loop-develamazon-linux-ami-2-upgrade-libblockdev-lvmamazon-linux-ami-2-upgrade-libblockdev-lvm-develamazon-linux-ami-2-upgrade-libblockdev-mdraidamazon-linux-ami-2-upgrade-libblockdev-mdraid-develamazon-linux-ami-2-upgrade-libblockdev-mpathamazon-linux-ami-2-upgrade-libblockdev-mpath-develamazon-linux-ami-2-upgrade-libblockdev-nvdimmamazon-linux-ami-2-upgrade-libblockdev-nvdimm-develamazon-linux-ami-2-upgrade-libblockdev-partamazon-linux-ami-2-upgrade-libblockdev-part-develamazon-linux-ami-2-upgrade-libblockdev-plugins-allamazon-linux-ami-2-upgrade-libblockdev-swapamazon-linux-ami-2-upgrade-libblockdev-swap-develamazon-linux-ami-2-upgrade-libblockdev-utilsamazon-linux-ami-2-upgrade-libblockdev-utils-develamazon-linux-ami-2-upgrade-libudisks2amazon-linux-ami-2-upgrade-libudisks2-develamazon-linux-ami-2-upgrade-python2-blockdevamazon-linux-ami-2-upgrade-udisks2amazon-linux-ami-2-upgrade-udisks2-debuginfoamazon-linux-ami-2-upgrade-udisks2-iscsiamazon-linux-ami-2-upgrade-udisks2-lsmamazon-linux-ami-2-upgrade-udisks2-lvm2

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today