Changqing Li e73af91ee3
libblockdev: fix CVE-2025-6019 ...
CVE-2025-6019:
A Local Privilege Escalation (LPE) vulnerability was found in
libblockdev. Generally, the "allow_active" setting in Polkit permits a
physically present user to take certain actions based on the session
type. Due to the way libblockdev interacts with the udisks daemon, an
"allow_active" user on a system may be able escalate to full root
privileges on the target host. Normally, udisks mounts user-provided
filesystem images with security flags like nosuid and nodev to prevent
privilege escalation. However, a local attacker can create a specially
crafted XFS image containing a SUID-root shell, then trick udisks into
resizing it. This mounts their malicious filesystem with root
privileges, allowing them to execute their SUID-root shell and gain
complete control of the system.
Refer:
https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Signed-off-by: Changqing Li <changqing.li@windriver.com >
Signed-off-by: Armin Kuster <akuster808@gmail.com >
2025-07-13 14:35:44 -04:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2022-05-03 06:49:08 -07:00
2021-11-03 06:57:49 -07:00
2022-04-11 08:52:55 -07:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2021-11-03 06:57:49 -07:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2025-03-06 09:44:32 -05:00
2021-11-03 06:57:49 -07:00
2023-04-04 09:04:45 -04:00
2021-11-03 06:57:49 -07:00
2022-03-04 17:41:45 -08:00
2021-11-03 06:57:49 -07:00
2022-05-03 06:49:08 -07:00
2022-04-19 09:45:38 -07:00
2022-04-11 07:46:51 -07:00
2022-05-03 06:49:08 -07:00
2021-11-03 06:57:49 -07:00
2022-03-04 17:41:45 -08:00
2023-09-06 09:13:26 -04:00
2022-04-13 19:21:40 -07:00
2024-12-08 15:01:32 -05:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2023-03-22 07:32:56 -04:00
2022-03-04 17:41:45 -08:00
2021-11-03 06:57:49 -07:00
2021-11-03 06:57:49 -07:00
2025-07-13 14:35:44 -04:00
2022-09-25 11:00:54 -04:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2017-09-07 10:57:37 +02:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2022-07-21 07:17:06 -07:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2023-03-05 07:45:40 -05:00
2019-10-25 10:29:51 -07:00
2022-03-04 17:41:45 -08:00
2025-03-20 09:56:59 -04:00
2022-03-04 17:41:45 -08:00
2023-08-25 10:39:56 -04:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2016-08-22 15:49:29 +02:00
2023-07-25 07:23:15 -04:00
2022-04-06 20:25:34 -04:00
2022-04-14 19:42:10 -07:00
2022-03-04 17:41:45 -08:00
2022-04-12 09:28:25 -07:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2021-11-03 06:57:49 -07:00
2022-05-03 06:49:07 -07:00
2022-01-12 09:35:18 -08:00
2021-08-03 10:21:25 -07:00
2017-07-24 18:58:51 +02:00
2022-03-04 17:41:45 -08:00
2023-04-13 08:25:54 -04:00
2022-05-23 07:37:55 -07:00
2024-12-08 15:03:06 -05:00
2022-03-04 17:41:45 -08:00
2022-05-03 06:49:07 -07:00
2022-04-14 19:42:10 -07:00
2022-03-04 17:41:45 -08:00
2022-03-26 18:15:11 -07:00
2022-10-04 15:46:54 -04:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2025-07-02 20:30:58 -04:00
2022-03-21 08:25:11 -07:00
2022-03-24 09:45:25 -07:00
2022-07-21 07:36:05 -07:00
2022-05-17 05:57:10 -07:00
2022-07-21 07:17:15 -07:00
2018-11-26 09:38:13 -08:00
2022-07-21 07:17:15 -07:00
2017-09-13 11:13:21 +02:00
2021-08-03 10:21:25 -07:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2022-03-07 09:27:53 -08:00
2022-01-25 09:13:09 -08:00
2025-07-02 20:36:29 -04:00
2022-03-24 09:45:25 -07:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2021-11-03 06:57:49 -07:00
2021-08-03 10:21:25 -07:00
2022-03-04 17:41:45 -08:00
2022-03-21 08:25:11 -07:00
2022-01-12 09:35:18 -08:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2022-03-04 17:41:45 -08:00
2022-04-10 10:05:35 -07:00
2022-03-04 17:41:45 -08:00
2021-08-03 10:21:25 -07:00
2021-11-03 06:57:49 -07:00
Changqing Li
e73af91ee3