CyberSecurity news
Veronika Telychko@SOC Prime Blog
Two critical local privilege escalation (LPE) vulnerabilities, CVE-2025-6018 and CVE-2025-6019, have been publicly disclosed, impacting a wide range of Linux distributions. Cybersecurity researchers at Qualys discovered that these vulnerabilities, when chained together, could allow an unprivileged user to gain full root access on vulnerable systems. The flaws reside in the Pluggable Authentication Modules (PAM) configuration (CVE-2025-6018) and the libblockdev library (CVE-2025-6019), with the latter being exploitable through the udisks daemon, which is commonly deployed by default in many Linux distributions.
Researchers have released proof-of-concept (PoC) exploit code demonstrating the effectiveness of the vulnerability chain, raising concerns about potential exploitation in the wild. CVE-2025-6018 allows an unprivileged local user to elevate permissions to "allow_active" status, enabling them to invoke Polkit actions typically reserved for users with physical access to the machine. CVE-2025-6019 then permits an "allow_active" user to gain full root privileges, effectively bypassing security controls and allowing for broader post-compromise actions.
Maintainers of the most popular Linux distributions have already begun working on fixes for these vulnerabilities. Patches for Ubuntu are reportedly ready, and users of other distributions are advised to monitor for updates closely and install them promptly as they become available. As a temporary workaround, Qualys recommends modifying the Polkit rule for "org.freedesktop.udisks2.modify-device" so that it requires administrator authentication ("auth_admin") instead of granting the action to "allow_active" users without a prompt. This highlights the critical importance of regular patching and vulnerability management in maintaining the security of Linux systems.
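The workaround described above, written out as a Polkit rules file, together with a constructed stand-in for polkit's rule evaluation so the effect on an "allow_active" session can be checked offline. This is an added example, not code from the article or from Qualys; the rules-file name, the mock evaluator and the sample subjects are assumptions, while the `polkit.addRule` / `polkit.Result.AUTH_ADMIN` API and the udisks2 defaults are real.

```javascript
// Default implicit authorisations for org.freedesktop.udisks2.modify-device
// as shipped in udisks2's .policy file: a user in an active local session
// ("allow_active") is authorised without any prompt. That is the step the
// CVE-2025-6019 chain relies on once CVE-2025-6018 has granted allow_active.
const policyDefaults = {
  "org.freedesktop.udisks2.modify-device": {
    allow_any: "auth_admin", allow_inactive: "auth_admin", allow_active: "yes",
  },
};

// Minimal mock (constructed, not real polkit) of the global `polkit` object
// that rules files see; only what the rule below needs is modelled.
const rules = [];
const polkit = {
  Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin", NOT_HANDLED: null },
  addRule(fn) { rules.push(fn); },
};

// ---- contents of the workaround rules file, e.g. (assumed name)
// ---- /etc/polkit-1/rules.d/10-udisks2-modify-device.rules
polkit.addRule(function (action, subject) {
  if (action.id == "org.freedesktop.udisks2.modify-device") {
    return polkit.Result.AUTH_ADMIN;   // always demand admin credentials
  }
  // returning nothing = NOT_HANDLED, other actions keep their defaults
});
// ---- end of rules file ----

// Simplified evaluation order: the first rule that returns a result wins;
// otherwise fall back to the action's implicit authorisation by session type.
function authorize(actionId, subject, ruleset = rules) {
  for (const rule of ruleset) {
    const r = rule({ id: actionId }, subject);
    if (r !== undefined && r !== null) return r;
  }
  const d = policyDefaults[actionId];
  if (!d) return "no";
  if (subject.active) return d.allow_active;
  if (subject.local) return d.allow_inactive;
  return d.allow_any;
}

// Constructed subjects: an allow_active local session and a remote session.
const activeUser = { user: "alice", local: true, active: true };
const remoteUser = { user: "bob", local: false, active: false };
const ACTION = "org.freedesktop.udisks2.modify-device";

console.log("without rule:", authorize(ACTION, activeUser, []));  // yes
console.log("with rule:   ", authorize(ACTION, activeUser));      // auth_admin
```

After the fix is installed, the rules file can be removed; it is a stop-gap that adds an authentication prompt for a normally prompt-free action.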
References:
- Field Effect blog: details the vulnerabilities and the availability of proof-of-concept exploit code.
- SOC Prime Blog: discusses CVE-2025-6018 and CVE-2025-6019 and their potential impact.
- Kaspersky official blog: "Vulnerability CVE-2025-6019 allows an attacker to gain root privileges in most Linux distributions".
- The Hacker News: "New Linux Kernel Vulnerabilities Allow Full Root Access via PAM and Udisks Across Major Distributions".
- securityaffairs.com: explains the two LPE vulnerabilities impacting Linux systems.