CVE-2025-6019: time to upgrade Linux | Kaspersky official blog
Researchers have published technical details and a proof of concept (PoC) for the vulnerability CVE-2025-6019 in the libblockdev library, which allows an attacker to gain root privileges on most Linux distributions. Exploitation of this vulnerability has not yet been observed in the wild, but since the PoC is freely available, attackers could start exploiting it at any time.
Under what conditions can CVE-2025-6019 be exploited?
The libblockdev library is used for low-level operations with block devices (e.g., hard disks) in Linux. The CVE-2025-6019 vulnerability is exploited by accessing the udisks2 daemon (used to manage storage devices) — provided that the attackers manage to obtain the privileges of the active user present on the computer (allow_active).
Almost all modern popular Linux builds include udisks, and enthusiasts have already tested the exploitability of the CVE-2025-6019 vulnerability on Ubuntu, Debian, Fedora and openSUSE. In theory, only the user physically using the computer can have allow_active privileges. However, in reality, an attacker may have the means to obtain allow_active remotely.
For example, the researchers who discovered CVE-2025-6019 initially demonstrated it as part of an exploitation chain in which allow_active privileges are obtained through another vulnerability — CVE-2025-6018 — which lies in the configuration of Pluggable Authentication Modules (PAM). CVE-2025-6018 is present in at least openSUSE Leap 15 and SUSE Linux Enterprise 15, but may be relevant for other distributions as well.
How to stay safe?
The teams responsible for the development of most popular Linux builds immediately started working on fixes for the vulnerabilities. Patches for Ubuntu are ready. Users of other distributions are advised to keep an eye out for updates and install them promptly as they’re released.
If the patch is not yet available for your Linux distribution, or you cannot install it for some reason, the Qualys experts who found the vulnerability recommend changing the allow_active setting of the polkit rule for org.freedesktop.udisks2.modify-device from yes to auth_admin.
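As an added example (not from the Kaspersky post or the Qualys advisory), the following POSIX shell script checks the packaged default for the org.freedesktop.udisks2.modify-device action and writes a polkit rule that forces auth_admin for the active user, rather than editing the packaged .policy file, which a package update would overwrite. The pkaction output format, the rules.d path and the rule file name are assumptions; the sample pkaction output is constructed.

```shell
#!/bin/sh
# Added example, not the blog's or udisks' own code: detect the vulnerable
# default (allow_active = yes) for the udisks2 modify-device action and
# emit a polkit rule that raises it to auth_admin, as the post recommends.
# Assumes polkit >= 0.106 (JavaScript rules in rules.d); distributions still
# on polkit 0.105 use .pkla files under localauthority instead.

ACTION_ID="org.freedesktop.udisks2.modify-device"
RULE_FILE="${RULE_FILE:-/etc/polkit-1/rules.d/10-udisks2-cve-2025-6019.rules}"

# Constructed sample of `pkaction --verbose --action-id $ACTION_ID` on an
# unpatched system; used when pkaction is not installed (e.g. for testing).
SAMPLE_PKACTION='org.freedesktop.udisks2.modify-device:
  description:       Modify a device
  implicit any:      auth_admin
  implicit inactive: auth_admin
  implicit active:   yes'

# implicit_active TEXT -> prints the "implicit active" value (yes, auth_admin, ...)
implicit_active() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*implicit active:[[:space:]]*//p'
}

# needs_hardening TEXT -> exit 0 when the active user may modify devices
# without authenticating (the default that CVE-2025-6019 relies on), else 1.
needs_hardening() {
    [ "$(implicit_active "$1")" = "yes" ]
}

# Print the polkit rule that forces auth_admin for this action. Note that
# pkaction only shows the packaged .policy defaults, not rules.d overrides,
# so re-running the check after applying the rule still reports "yes".
hardening_rule() {
    cat <<EOF
polkit.addRule(function(action, subject) {
    if (action.id == "$ACTION_ID") {
        return polkit.Result.AUTH_ADMIN;
    }
});
EOF
}

main() {
    if command -v pkaction >/dev/null 2>&1; then
        current=$(pkaction --verbose --action-id "$ACTION_ID" 2>/dev/null)
    else
        current=$SAMPLE_PKACTION
    fi
    if needs_hardening "$current"; then
        echo "$ACTION_ID: implicit active = yes, writing $RULE_FILE"
        hardening_rule > "$RULE_FILE"
    else
        echo "$ACTION_ID: implicit active = $(implicit_active "$current"), no change"
    fi
}

# Only touch the system when explicitly asked: ./check.sh --apply (as root)
if [ "${1:-}" = "--apply" ]; then main; fi
```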
In addition, we recommend forgetting the myth that Linux doesn’t need additional security. Like any other operating system, it can be the target of a cyberattack, so it also needs protection.