EulerOS 2.0 SP13 : libblockdev (EulerOS-SA-2025-2298)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

EUVD-2025-18685

Malicious code in bioql PyPI...

K000152934: Libblockdev vulnerability CVE-2025-6019

Security Advisory Description A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, a...

ROS-20250806-07

The libblockdev library vulnerability is related to file system mount and drive management as a result of incorrect access delimitation when accessing the udisks daemon. as a result of incorrect access delimitation when accessing the udisks daemon. Exploitation of the vulnerability could allow an...

NewStart CGSL MAIN 7.02 : libblockdev Vulnerability (NS-SA-2025-0117)

The remote NewStart CGSL host, running version MAIN 7.02, has libblockdev packages installed that are affected by a vulnerability: - A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the allowactive setting in Polkit permits a physically present user to take...

TencentOS Server 3: libblockdev (TSSA-2025:0484)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0484 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

AlmaLinux 8 : libblockdev (ALSA-2025:9878)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:9878 advisory. libblockdev: LPE from allowactive to root in libblockdev via udisks CVE-2025-6019 Tenable has extracted the preceding description block directly from the AlmaLinux...

GLSA-202507-02 : UDisks, libblockdev: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-202507-02 UDisks, libblockdev: Privilege escalation Multiple vulnerabilities have been discovered in UDisks and libblockdev. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding...

Oracle Linux 8 : libblockdev (ELSA-2025-9878)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-9878 advisory. 2.28-7.0.1 - enable btrfs support Orabug: 30792917 2.28-7 - Don't allow suid and dev set on fs resize CVE-2025-6019 Resolves: RHEL-96034 Tenable has extracted t...

Oracle Linux 9 : libblockdev (ELSA-2025-9327)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-9327 advisory. 2.28-14.0.1 - enable btrfs support Orabug: 30792917 2.28-14 - Don't allow suid and dev set on fs resize CVE-2025-6019 Resolves: RHEL-96038 Tenable has extracted...

Updated udisks2 & libblockdev packages fix security vulnerabilities

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

RHEL 10 : libblockdev (RHSA-2025:9328)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9328 advisory. The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves a...

Medium: libblockdev

Issue Overview: LPE from allowactive to root in libblockdev via udisks CVE-2025-6019 Affected Packages: libblockdev Issue Correction: Run dnf update libblockdev --releasever 2023.7.20250623 to update your system. New Packages: aarch64: libblockdev-fs-debuginfo-3.2.1-1.amzn2023.0.3.aarch64 ...

CVE-2025-6019

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

AZL-64187 CVE-2025-6019 affecting package libblockdev 2.28-3

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

CVE-2025-6019

CVE-2025-6019 is a local privilege escalation in libblockdev that leverages the interaction with the udisks daemon and the Polkit “allow_active” setting to allow a physically present user to escalate to root. The issue arises when an attacker crafts an XFS image containing a SUID-root shell and m...

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : libblockdev vulnerability (USN-7577-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7577-1 advisory. It was discovered that libblockdev incorrectly handled mount options when resizing certain filesystems. A local attacker with an activ...

USN-7577-2: libblockdev vulnerability

USN-7577-1 fixed a vulnerability in libblockdev. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that libblockdev incorrectly handled mount options when resizing certain filesystems. A local attacker with an...

USN-7577-1: libblockdev vulnerability

It was discovered that libblockdev incorrectly handled mount options when resizing certain filesystems. A local attacker with an active session on the console can use this issue to escalate their privileges to root...

Slackware Linux 15.0 / current libblockdev Vulnerability (SSA:2025-169-01)

The version of libblockdev installed on the remote host is prior to 2.30 / 3.3.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-169-01 advisory. New libblockdev packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the...