CVE-2025-6019

Name: CVE-2025-6019
Description: A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-4221-1, DSA-5943-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package       Release               Version          Status
libblockdev (PTS)    bullseye              2.25-2           vulnerable
                     bullseye (security)   2.25-2+deb11u1   fixed
                     bookworm              2.28-2           vulnerable
                     bookworm (security)   2.28-2+deb12u1   fixed
                     sid, trixie           3.3.0-2.1        fixed

The information below is based on the following data on fixed versions.

Package       Type     Release      Fixed Version     Urgency   Origin       Debian Bugs
libblockdev   source   bullseye     2.25-2+deb11u1              DLA-4221-1
libblockdev   source   bookworm     2.28-2+deb12u1              DSA-5943-1
libblockdev   source   (unstable)   3.3.0-2.1

Notes

https://www.openwall.com/lists/oss-security/2025/06/17/4
https://www.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Fixed by: https://github.com/storaged-project/libblockdev/commit/46b54414f66e965e3c37f8f51e621f96258ae22e (3.3.1)
As a hardening measure, udisks2 (in unstable since 2.10.1-12.1)
will enforce that private mounts are mounted with 'nodev,nosuid'.
https://github.com/storaged-project/udisks/commit/5e7277debea926370e587408517560afe87d28c9
