{"id":24197,"date":"2025-06-19T20:38:12","date_gmt":"2025-06-19T16:38:12","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/cve-2025-6019-vulnerability-linux\/24197\/"},"modified":"2025-06-19T20:38:12","modified_gmt":"2025-06-19T16:38:12","slug":"cve-2025-6019-vulnerability-linux","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/cve-2025-6019-vulnerability-linux\/24197\/","title":{"rendered":"CVE-2025-6019: time to update Linux"},"content":{"rendered":"

Researchers have published <\/a>technical details and a proof of concept (PoC<\/a>) for vulnerability CVE-2025-6019 <\/a>in the libblockdev library, which allows an attacker to gain root privileges in most Linux distributions. Exploitation of this vulnerability has not been observed in the wild as yet, but since the PoC is freely available, attackers could start exploiting it at any time.<\/p>\n

Under what conditions can CVE-2025-6019 be exploited?<\/h2>\n

The libblockdev library is used for low-level operations with block devices (e.g., hard disks) in Linux. The CVE-2025-6019 vulnerability is exploited by accessing the udisks2<\/em> daemon (used to manage storage devices) \u2014 provided that the attackers manage to obtain the privileges of the active user present on the computer (allow_active<\/em>).<\/p>\n

Almost all modern popular Linux builds include udisks, and enthusiasts have already tested the exploitability of the CVE-2025-6019 vulnerability on Ubuntu, Debian, Fedora and openSUSE. In theory, only the user physically using the computer can have allow_active<\/em> privileges. However, in reality, an attacker may have the means to obtain allow_active<\/em> remotely.<\/p>\n

For example, the researchers who discovered CVE-2025-6019 initially demonstrated <\/a>it in the exploitation chain, where allow_active<\/em> privileges are obtained through another vulnerability \u2014 CVE-2025-6018<\/a> \u2014 which is contained in the configuration of pluggable authentication modules (PAMs). CVE-2025-6018 is present in at least openSUSE Leap 15 and SUSE Linux Enterprise 15, but may be relevant for other distributions as well.<\/p>\n

How to stay safe?<\/h3>\n

The teams responsible for the development of most popular Linux builds immediately started working on fixes for vulnerabilities. Patches for Uubuntu are ready<\/a>. Users of other distributions are advised to keep an eye out for updates, and promptly install them as they\u2019re released.<\/p>\n

If the patch is not yet available for your Linux distribution, or you cannot install it for some reason, the Qualys experts who found the vulnerability recommend changing the setting allow_active <\/em>of the polkit rule org.freedesktop.udisks2.modify-device <\/em>from yes <\/em>to auth_admin<\/em>.<\/p>\n

In addition, we recommend forgetting the myth that Linux doesn\u2019t need additional security. It, like any other operating system, can be a target for a cyberattack, so it also needs protection <\/a>.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

Researchers have found a vulnerability that allows attackers to get root privileges on most Linux distributions.<\/p>\n","protected":false},"author":2698,"featured_media":24198,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916,1917],"tags":[533,268],"class_list":{"0":"post-24197","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-linux","11":"tag-vulnerabilities"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cve-2025-6019-vulnerability-linux\/24197\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cve-2025-6019-vulnerability-linux\/28967\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cve-2025-6019-vulnerability-linux\/29078\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cve-2025-6019-vulnerability-linux\/39923\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cve-2025-6019-vulnerability-linux\/53665\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cve-2025-6019-vulnerability-linux\/29296\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cve-2025-6019-vulnerability-linux\/35006\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cve-2025-6019-vulnerability-linux\/34643\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/vulnerabilities\/","name":"vulnerabilities"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2698"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=24197"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24197\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/24198"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=24197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=24197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=24197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}