CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able to escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.
Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
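
The commit message above says udisks normally applies nosuid and nodev to user-provided images. As an added example (not part of the commit or of libblockdev/udisks), this defender-side audit parses text in /proc/self/mounts format and reports loop-backed mounts missing either flag. The sample lines, mount paths and function names are constructed for illustration, and limiting the check to /dev/loop* devices is an assumption.

```python
import re

# Flags the commit message names as the normal hardening for user images.
REQUIRED = {"nosuid", "nodev"}

# Constructed sample in /proc/self/mounts format (not captured from a real host).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/loop0 /run/media/alice/USB\\040DISK vfat rw,nosuid,nodev,relatime 0 0
/dev/loop1 /tmp/example-resize-mount xfs rw,relatime 0 0
/dev/loop2 /mnt/img xfs rw,nosuid,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""


def _unescape(field):
    # The kernel encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def risky_loop_mounts(text):
    """Return (mountpoint, fstype, missing_flags) for loop-backed mounts
    whose option list lacks nosuid and/or nodev."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or empty line
        device, mountpoint, fstype, options = parts[:4]
        if not device.startswith("/dev/loop"):
            continue  # assumption: only image-backed (loop) mounts are audited
        missing = REQUIRED - set(options.split(","))
        if missing:
            findings.append((_unescape(mountpoint), fstype, sorted(missing)))
    return findings


if __name__ == "__main__":
    try:
        with open("/proc/self/mounts") as fh:
            data = fh.read()
    except OSError:
        data = SAMPLE_MOUNTS  # fall back to the constructed sample
    for mountpoint, fstype, missing in risky_loop_mounts(data):
        print(f"{mountpoint} ({fstype}): missing {','.join(missing)}")
```

A single run reports the mount table at that instant only, so a mount that exists briefly during an operation is seen only if the check runs while it is present.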
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
New minor release of the libblockdev library with multiple fixes. See below for details.
Full list of changes
Manuel Wassermann (1):
exec: Fix deprecated glib function call
Glib will rename "g_spawn_check_exit_status()" to "g_spawn_check_wait_status()" in version 2.69.
Tomasz Paweł Gajc (1):
remove unused variable and fix build with LLVM/clang
Vojtech Trefny (22):
NEWS.rts: Fix markup
crypto: Fix default key size for non XTS ciphers
vdo: Do not use g_memdup in bd_vdo_stats_copy
fs: Allow using empty label for vfat with newest dosfstools
tests: Call fs_vfat_mkfs with "--mbr=n" extra option in tests
kbd: Fix memory leak
crypto: Fix memory leak
dm: Fix memory leak in the DM plugin and DM logging redirect function
fs: Fix memory leak
kbd: Fix memory leak
lvm-dbus: Fix memory leak
mdraid: Fix memory leak
swap: Fix memory leak
tests: Make sure the test temp mount is always unmounted
tests: Do not check that XFS shrink fails with xfsprogs >= 5.12
tests: Temporarily skip test_snapshotcreate_lvorigin_snapshotmerge
Fix skipping tests on Debian testing
crypto: Let cryptsetup autodect encryption sector size when not specified
tests: Do not try to remove VG before removing the VDO pool
tests: Force remove LVM VG /dev/ entry not removed by vgremove
tests: Tag LvmPVVGLVcachePoolCreateRemoveTestCase as unstable
Add missing plugins to the default config
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>