{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-6019","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2025-06-11T22:14:52.625Z","datePublished":"2025-06-19T11:55:57.380Z","dateUpdated":"2026-06-30T11:10:04.975Z"},"containers":{"cna":{"title":"Libblockdev: lpe from allow_active to root in libblockdev via udisks","metrics":[{"other":{"content":{"value":"Important","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the \"allow_active\" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an \"allow_active\" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation.  However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system."}],"affected":[{"versions":[{"status":"affected","version":"0","lessThan":"3.3.1","versionType":"semver"}],"packageName":"libblockdev","collectionURL":"https://github.com/storaged-project/libblockdev/","defaultStatus":"unaffected"},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:3.2.0-4.el10_0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:enterprise_linux:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:2.18-5.el7_9.1","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:2.28-7.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.2 Advanced Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:2.19-13.el8_2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_aus:8.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:2.24-6.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:2.24-9.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Telecommunications Update Service","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:2.24-9.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:2.24-9.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_e4s:8.6::appstream","cpe:/a:redhat:rhel_tus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:2.28-3.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:2.28-14.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:2.25-12.el9_0","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:2.28-5.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Extended Update Support","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libblockdev","defaultStatus":"affected","versions":[{"version":"0:2.28-11.el9_4","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:10796","name":"RHSA-2025:10796","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:9320","name":"RHSA-2025:9320","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:9321","name":"RHSA-2025:9321","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:9322","name":"RHSA-2025:9322","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:9323","name":"RHSA-2025:9323","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:9324","name":"RHSA-2025:9324","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:9325","name":"RHSA-2025:9325","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:9326","name":"RHSA-2025:9326","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:9327","name":"RHSA-2025:9327","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:9328","name":"RHSA-2025:9328","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:9878","name":"RHSA-2025:9878","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2025-6019","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370051","name":"RHBZ#2370051","tags":["issue-tracking","x_refsource_REDHAT"]},{"url":"https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt"}],"datePublic":"2025-06-17T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-250","description":"Execution with Unnecessary Privileges","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-250: Execution with Unnecessary Privileges","workarounds":[{"lang":"en","value":"Currently, no mitigation is available for this vulnerability."}],"timeline":[{"lang":"en","time":"2025-06-03T15:58:30.591Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-06-17T00:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-06-30T11:10:04.975Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-06-23T13:39:55.143Z"},"references":[{"url":"http://www.openwall.com/lists/oss-security/2025/06/17/5"},{"url":"http://www.openwall.com/lists/oss-security/2025/06/17/6"},{"url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00018.html"},{"url":"http://www.openwall.com/lists/oss-security/2025/06/18/1"},{"url":"https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/"},{"url":"https://news.ycombinator.com/item?id=44325861"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-6019","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-06-24T03:55:34.080434Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:50:28.586Z"}}]}}