MiracleLinux 7 : libblockdev-2.18-5.0.1.el7.AXS7 (AXSA:2025-10699:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10699:04 advisory. CVE-2025-6019: don't allow suid and dev set on fs resize CVEs: CVE-2025-6019 A Local Privilege Escalation LPE vulnerability was found in libblockdev...

TencentOS Server 2: libblockdev (TSSA-2025:0535)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0535 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

EulerOS 2.0 SP13 : libblockdev (EulerOS-SA-2025-2266)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

EulerOS 2.0 SP11 : libblockdev (EulerOS-SA-2025-2200)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

EulerOS 2.0 SP11 : libblockdev (EulerOS-SA-2025-2232)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

EulerOS 2.0 SP10 : libblockdev (EulerOS-SA-2025-2102)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

EulerOS 2.0 SP12 : libblockdev (EulerOS-SA-2025-2014)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

EulerOS 2.0 SP10 : udisks2 (EulerOS-SA-2025-2117)

According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

Astra Linux – Vulnerability in libblockdev

A Local Privilege Escalation LPE vulnerability was discovered in libblockdev. Typically, the “allowactive” setting in Polkit allows a physically present user to perform certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, a “allowactive” user on ...

K000152934: Libblockdev vulnerability CVE-2025-6019

Security Advisory Description A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, a...

CVE-2025-6018

A Local Privilege Escalation LPE vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules PAM. This flaw allows an unprivileged local attacker for example, a user logged in via SSH to obtain the elevated privileges normally reserved for a physically present,...

libblockdev: LPE from allow_active to root in libblockdev via udisks

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

libblockdev: LPE from allow_active to root in libblockdev via udisks

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

OESA-2025-1677 libblockdev security update

libblockdev is a C library supporting GObject introspection for manipulation of block devices. It has a plugin-based architecture where each technology like LVM, Btrfs, MD RAID, Swap,... is implemented in a separate plugin, possibly with multiple implementations e.g. using LVM CLI or the new LVM...

libblockdev: LPE from allow_active to root in libblockdev via udisks

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

libblockdev: LPE from allow_active to root in libblockdev via udisks

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

Important: libblockdev security update

libblockdev is a C library supporting GObject introspection for manipulation of block devices. It has a plugin-based architecture where each technology like LVM, Btrfs, MD RAID, Swap,... is implemented in a separate plugin, possibly with multiple implementations e.g. using LVM CLI or the new LVM...

AZL-64187 CVE-2025-6019 affecting package libblockdev 2.28-3

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any"

It was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polkit policies using the...

UBUNTU-CVE-2019-3842

In systemd before v242-rc4, it was discovered that pamsystemd does not properly sanitize the environment before using the XDGSEAT variable. It is possible for an attacker, in some particular configurations, to set a XDGSEAT environment variable which allows for commands to be checked against polk...