New Linux udisks flaw lets attackers get root on major Linux distros

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2025 Poal.co

789

•

New Linux udisks flaw lets attackers get root on major Linux distros (www.bleepingcomputer.com)

From the post:

>Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. The first flaw (tracked as CVE-2025-6018) was found in the configuration of the Pluggable Authentication Modules (PAM) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15, allowing local attackers to gain the privileges of the "allow_active" user. The other security bug (CVE-2025-6019) was discovered in libblockdev, and it enables an "allow_active" user to gain root permissions via the udisks daemon (a storage management service that runs by default on most Linux distributions)

Archive: https://archive.today/zwk7Y From the post: >>Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. The first flaw (tracked as CVE-2025-6018) was found in the configuration of the Pluggable Authentication Modules (PAM) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15, allowing local attackers to gain the privileges of the "allow_active" user. The other security bug (CVE-2025-6019) was discovered in libblockdev, and it enables an "allow_active" user to gain root permissions via the udisks daemon (a storage management service that runs by default on most Linux distributions)

(post is archived)

[–] • 1 pt

I wish idiots STOPS adding "features" and write decent software

BTW anyone that uses rust is by definition incapable of programming anything decent

should do gardening, instead

link