Local Privilege Escalation Vulnerability in libblockdev Affects Red Hat
CVE-2025-6019
What is CVE-2025-6019?
A Local Privilege Escalation vulnerability exists in libblockdev that allows a physically present user with 'allow_active' permissions to escalate privileges. By exploiting the interaction between libblockdev and the udisks daemon, an attacker can create a specially crafted XFS image, tricking udisks into resizing it. This process can inadvertently mount the malicious filesystem with root privileges, enabling the execution of a SUID-root shell and granting the attacker full control over the system.
News Articles
Chaining two LPEs to get "root": Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) - Help Net Security
Two local privilege escalation flaws (CVE-2025-6018, CVE-2025-6019) can be exploited in tandem to achieve root access on most Linux distros.
1 day ago
Critical Privilege Escalation Flaws Grant Full Root Access on Multiple Linux Distros
Researchers have uncovered two interconnected local privilege escalation (LPE) vulnerabilities—CVE-2025-6018 and CVE-2025-6019
1 day ago
New Linux udisks flaw lets attackers get root on major Linux distros
Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions.
1 day ago