Commit Graph

3 Commits

Author SHA1 Message Date
Changqing Li 14b3caec6a libblockdev: fix CVE-2025-6019
CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able to escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.

Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-06 19:23:22 -04:00
Richard Purdie eac1f5b9c0 recipes: Fix variable assignment whitespace
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-03-20 08:46:56 -07:00
Wang Mingyu 5090a93565 libblockdev: upgrade 3.2.0 -> 3.2.1
Changelog:
===========
- crypto: check that IOC_OPAL_GET_STATUS is defined
- smart: Clarify use of ID_ATA_SMART_ACCESS udev property
- smart: Clarify ID_ATA_SMART_ACCESS udev property values
- nvme: Avoid element-type g-i annotations
- README: Update supported technologies
- dist: Fix source URL in spec
- packit: Fix generating spec from template
- dist: Sync spec with downstream
- misc: Fix installing test dependencies on Debian/Ubuntu
- ci: Do not try to install test dependencies for CodeQL analysis
- lvm: Clarify the global config functionality in libblockdev
- ci: Install 'python3-libdnf5' for TMT test plans
- Makefile: Fix generating RPM log during bumpver

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-11-19 16:59:11 -08:00