Amazon Linux 2023: CVE-2025-6019: Medium priority package update for libblockdev (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:S/C:C/I:C/A:C) | Jun 17, 2025 | Jun 24, 2025 | Jul 17, 2025 |
Description
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
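The description turns on a filesystem image ending up mounted without the nosuid and nodev flags. The following is an added example, not part of the advisory or of any vendor tooling: a spot check that parses `/proc/mounts`-format text and reports loop-backed mounts missing either flag. It assumes user-supplied images appear as `/dev/loop*` devices; the sample lines and mount paths are constructed.

```python
import re

# Constructed sample in /proc/mounts format (not captured from a real host).
SAMPLE_MOUNTS = """\
/dev/nvme0n1p1 / xfs rw,noatime,attr2,inode64 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/loop0 /run/media/alice/usb\\040stick xfs rw,nosuid,nodev,relatime 0 0
/dev/loop1 /mnt/sample-image xfs rw,relatime,attr2,inode64 0 0
/dev/loop2 /mnt/iso iso9660 ro,nodev,relatime 0 0
"""

# Flags the advisory says udisks normally applies to user-provided images.
REQUIRED = ("nosuid", "nodev")


def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def find_risky_mounts(mounts_text, device_prefix="/dev/loop"):
    """Return (device, mountpoint, fstype, missing_flags) for mounts whose
    device starts with device_prefix (an assumption of this example) and
    whose options lack nosuid and/or nodev."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        device, mountpoint, fstype, options = fields[:4]
        if not device.startswith(device_prefix):
            continue
        opts = set(options.split(","))
        missing = [flag for flag in REQUIRED if flag not in opts]
        if missing:
            findings.append((device, _unescape(mountpoint), fstype, missing))
    return findings


def main(path="/proc/self/mounts"):
    with open(path) as fh:
        for dev, mnt, fstype, missing in find_risky_mounts(fh.read()):
            print(f"{dev} on {mnt} ({fstype}) is missing: {','.join(missing)}")


if __name__ == "__main__":
    main()
```

A scan like this only sees mounts present at the moment it runs; installing the updated packages listed under Solutions is the fix.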
Solutions
- amazon-linux-2023-upgrade-libblockdev
- amazon-linux-2023-upgrade-libblockdev-crypto
- amazon-linux-2023-upgrade-libblockdev-crypto-debuginfo
- amazon-linux-2023-upgrade-libblockdev-crypto-devel
- amazon-linux-2023-upgrade-libblockdev-debuginfo
- amazon-linux-2023-upgrade-libblockdev-debugsource
- amazon-linux-2023-upgrade-libblockdev-devel
- amazon-linux-2023-upgrade-libblockdev-dm
- amazon-linux-2023-upgrade-libblockdev-dm-debuginfo
- amazon-linux-2023-upgrade-libblockdev-dm-devel
- amazon-linux-2023-upgrade-libblockdev-fs
- amazon-linux-2023-upgrade-libblockdev-fs-debuginfo
- amazon-linux-2023-upgrade-libblockdev-fs-devel
- amazon-linux-2023-upgrade-libblockdev-loop
- amazon-linux-2023-upgrade-libblockdev-loop-debuginfo
- amazon-linux-2023-upgrade-libblockdev-loop-devel
- amazon-linux-2023-upgrade-libblockdev-lvm
- amazon-linux-2023-upgrade-libblockdev-lvm-dbus
- amazon-linux-2023-upgrade-libblockdev-lvm-dbus-debuginfo
- amazon-linux-2023-upgrade-libblockdev-lvm-dbus-devel
- amazon-linux-2023-upgrade-libblockdev-lvm-debuginfo
- amazon-linux-2023-upgrade-libblockdev-lvm-devel
- amazon-linux-2023-upgrade-libblockdev-mdraid
- amazon-linux-2023-upgrade-libblockdev-mdraid-debuginfo
- amazon-linux-2023-upgrade-libblockdev-mdraid-devel
- amazon-linux-2023-upgrade-libblockdev-mpath
- amazon-linux-2023-upgrade-libblockdev-mpath-debuginfo
- amazon-linux-2023-upgrade-libblockdev-mpath-devel
- amazon-linux-2023-upgrade-libblockdev-nvdimm
- amazon-linux-2023-upgrade-libblockdev-nvdimm-debuginfo
- amazon-linux-2023-upgrade-libblockdev-nvdimm-devel
- amazon-linux-2023-upgrade-libblockdev-nvme
- amazon-linux-2023-upgrade-libblockdev-nvme-debuginfo
- amazon-linux-2023-upgrade-libblockdev-nvme-devel
- amazon-linux-2023-upgrade-libblockdev-part
- amazon-linux-2023-upgrade-libblockdev-part-debuginfo
- amazon-linux-2023-upgrade-libblockdev-part-devel
- amazon-linux-2023-upgrade-libblockdev-plugins-all
- amazon-linux-2023-upgrade-libblockdev-smart
- amazon-linux-2023-upgrade-libblockdev-smart-debuginfo
- amazon-linux-2023-upgrade-libblockdev-smart-devel
- amazon-linux-2023-upgrade-libblockdev-smartmontools
- amazon-linux-2023-upgrade-libblockdev-smartmontools-debuginfo
- amazon-linux-2023-upgrade-libblockdev-smartmontools-devel
- amazon-linux-2023-upgrade-libblockdev-swap
- amazon-linux-2023-upgrade-libblockdev-swap-debuginfo
- amazon-linux-2023-upgrade-libblockdev-swap-devel
- amazon-linux-2023-upgrade-libblockdev-tools
- amazon-linux-2023-upgrade-libblockdev-tools-debuginfo
- amazon-linux-2023-upgrade-libblockdev-utils
- amazon-linux-2023-upgrade-libblockdev-utils-debuginfo
- amazon-linux-2023-upgrade-libblockdev-utils-devel
- amazon-linux-2023-upgrade-libudisks2
- amazon-linux-2023-upgrade-libudisks2-debuginfo
- amazon-linux-2023-upgrade-libudisks2-devel
- amazon-linux-2023-upgrade-python3-blockdev
- amazon-linux-2023-upgrade-udisks2
- amazon-linux-2023-upgrade-udisks2-debuginfo
- amazon-linux-2023-upgrade-udisks2-debugsource
- amazon-linux-2023-upgrade-udisks2-lsm
- amazon-linux-2023-upgrade-udisks2-lsm-debuginfo
- amazon-linux-2023-upgrade-udisks2-lvm2
- amazon-linux-2023-upgrade-udisks2-lvm2-debuginfo