TencentOS Server 4: udisks2 (TSSA-2025:0480)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0480 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

EulerOS 2.0 SP13 : libblockdev (EulerOS-SA-2025-2266)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

EulerOS 2.0 SP13 : udisks2 (EulerOS-SA-2025-2312)

According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

EulerOS 2.0 SP11 : libblockdev (EulerOS-SA-2025-2200)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: udisks2 (UTSA-2025-587571)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-587571 advisory. A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the allowactive setting in Polkit permits a physically present user to take certa...

EulerOS 2.0 SP12 : udisks2 (EulerOS-SA-2025-2030)

According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

EulerOS 2.0 SP12 : udisks2 (EulerOS-SA-2025-2061)

According to the versions of the udisks2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

Linux Distros Unpatched Vulnerability : CVE-2025-6019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the allowactive setting in Polkit permits a physically present user to take...

CLSA-2025-1754340109 libblockdev: Fix of CVE-2025-6019

CVE-2025-6019: fix local privilege escalation vulnerability by updating libblockdev to prevent mounting of user-provided filesystem images with SUID- root shell...

MGASA-2025-0188 Updated udisks2 & libblockdev packages fix security vulnerabilities

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

AZL-64187 CVE-2025-6019 affecting package libblockdev 2.28-3

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

CVE-2025-6019

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

DEBIAN-CVE-2025-6019

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

CVE-2025-6019 Libblockdev: lpe from allow_active to root in libblockdev via udisks

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

CVE-2025-6019

CVE-2025-6019 is a local privilege escalation in libblockdev that leverages the interaction with the udisks daemon and the Polkit “allow_active” setting to allow a physically present user to escalate to root. The issue arises when an attacker crafts an XFS image containing a SUID-root shell and m...

glibc - realpath() Privilege Escalation Exploit

Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "glibc 'realpath' Privilege Escalation", 'Description' = %q This module attempts to gain roo...

glibc 'realpath()' Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library glibc version 2.26 and prior. This module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath and create a SUID root shell. The exploit has offsets for glibc...

FreeBSD 3.3,Linux Mandrake 7.0 'xsoldier' Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/871/info Certain versions of FreeBSD 3.3 Confirmed and Linux Mandrake confirmed ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setuid root binary meant to be run via ...

Veritas Software Volume Manager 3.0.2/3.0.3/3.0.4 File Permission Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1356/info A vulnerability exists in the Volume Manager product, versions 3.0.x, from Veritas Software. Volume Manager is a popular disk management package. Volume Manager running on Solaris platforms prior to Solaris 8 ar...

Acpid 1:2.0.10-1ubuntu2 Privilege Boundary Crossing Vulnerability

Exploit for linux platform in category local exploits Exploit Title: Acpid Privilege Boundary Crossing Vulnerability Google Dork: Date: 23-11-2011 Author: otr Software Link: https://launchpad.net/ubuntu/+source/acpid Version: 1:2.0.10-1ubuntu2 Tested on: Ubuntu 11.10, Ubuntu 11.04 CVE :...