Researchers have published technical details and a proof of concept (PoC) for vulnerability CVE-2025-6019 in the libblockdev library, which allows an attacker to gain root privileges in most Linux distributions. Exploitation of this vulnerability has not been observed in the wild as yet, but since the PoC is freely available, attackers could start exploiting it at any time.
Under what conditions can CVE-2025-6019 be exploited?
The libblockdev library is used for low-level operations with block devices (e.g., hard disks) in Linux. The CVE-2025-6019 vulnerability is exploited by accessing the udisks2 daemon (used to manage storage devices), provided that the attackers manage to obtain the privileges of the active user present at the computer (allow_active).
Virtually all modern popular Linux builds include udisks, and enthusiasts have already tested the exploitability of CVE-2025-6019 on Ubuntu, Debian, Fedora and openSUSE. In theory, only the user physically using the computer can have allow_active privileges. However, in reality, an attacker may have the means to obtain allow_active remotely.
For example, the researchers who discovered CVE-2025-6019 initially demonstrated it in an exploitation chain, where allow_active privileges are obtained via another vulnerability, CVE-2025-6018, which is contained in the configuration of pluggable authentication modules (PAM). CVE-2025-6018 is present in at least openSUSE Leap 15 and SUSE Linux Enterprise 15, but may be relevant for other distributions as well.
How to stay safe?
The teams responsible for the development of the most popular Linux builds immediately started working on fixes for the vulnerabilities. Patches for Ubuntu are ready. Users of other distributions are advised to keep an eye out for updates and promptly install them as they are released.
If the patch is not yet available for your Linux distribution, or you can't install it for some reason, the Qualys experts who found the vulnerability recommend changing the allow_active setting of the polkit rule org.freedesktop.udisks2.modify-device from yes to auth_admin.
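As an added check (this script is not from the article, Qualys or the udisks project), the following shell snippet reads a polkit action file and reports whether the org.freedesktop.udisks2.modify-device action still grants allow_active=yes, so an administrator can verify the workaround above has been applied; the policy file path is an assumption, and the policy excerpts it creates for a stand-alone run are constructed, not the real shipped file.

```shell
#!/bin/sh
# Added example (not from the article): report the <allow_active> default of the
# udisks2 "modify-device" polkit action, which the advisory says to change from
# "yes" to "auth_admin". The path below is an assumption (common distro layout).
POLICY_FILE="${POLICY_FILE:-/usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy}"
ACTION_ID="org.freedesktop.udisks2.modify-device"

# Print the <allow_active> value inside the <action id="$1"> block of file $2.
# Prints nothing if the action is absent from the file.
modify_device_allow_active() {
    awk -v id="$1" '
        index($0, "<action id=\"" id "\"") { in_action = 1 }
        in_action && /<allow_active>/ {
            sub(/.*<allow_active>/, ""); sub(/<\/allow_active>.*/, ""); print; exit
        }
        in_action && /<\/action>/ { in_action = 0 }
    ' "$2"
}

# Exit 0 if active sessions must authenticate as admin, 1 if the action still
# grants "yes" (the pre-patch default), 2 if the action is not in the file.
check_modify_device_policy() {
    value=$(modify_device_allow_active "$ACTION_ID" "$1")
    case "$value" in
        "")         echo "$ACTION_ID not found in $1"; return 2 ;;
        auth_admin) echo "OK: allow_active=auth_admin in $1"; return 0 ;;
        *)          echo "WEAK: allow_active=$value in $1 (want auth_admin)"; return 1 ;;
    esac
}

# Constructed excerpts (not the real shipped file) so the check runs offline.
WEAK_POLICY=$(mktemp); HARDENED_POLICY=$(mktemp)
cat >"$WEAK_POLICY" <<'EOF'
<policyconfig>
  <action id="org.freedesktop.udisks2.modify-device">
    <defaults><allow_any>auth_admin</allow_any><allow_inactive>auth_admin</allow_inactive>
    <allow_active>yes</allow_active></defaults>
  </action>
</policyconfig>
EOF
sed 's#<allow_active>yes#<allow_active>auth_admin#' "$WEAK_POLICY" >"$HARDENED_POLICY"

check_modify_device_policy "$WEAK_POLICY" || :
check_modify_device_policy "$HARDENED_POLICY"
# Also check the live file when it exists on this host (it is world-readable).
if [ -r "$POLICY_FILE" ]; then check_modify_device_policy "$POLICY_FILE" || :; fi
```

Editing the shipped .policy file is overwritten on package upgrade, so re-run the check after updating udisks2 to confirm the distribution's patch has landed.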
In addition, we recommend forgetting the myth that Linux doesn't need extra protection. Like any other operating system, it can be a target for a cyberattack, so it also needs protection.