libblockdev: LPE from allow_active to root in libblockdev via udisks

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

Important: Red Hat Security Advisory: libblockdev security update

An update for libblockdev is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Medium: udisks2

Issue Overview: LPE from allowactive to root in libblockdev via udisks CVE-2025-6019 Affected Packages: udisks2 Issue Correction: Run dnf update udisks2 --releasever 2023.7.20250623 or dnf update --advisory ALAS2023-2025-1021 --releasever 2023.7.20250623 to update your system. More information on...

RHEL 8 : libblockdev (RHSA-2025:9323)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9323 advisory. The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as...

RHEL 9 : libblockdev (RHSA-2025:9325)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9325 advisory. The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as...

RHEL 8 : libblockdev (RHSA-2025:9321)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9321 advisory. The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as...

Fedora: Security Advisory (FEDORA-2025-af7ba2696c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2025:02044-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 8 : libblockdev (RHSA-2025:9320)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9320 advisory. The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as...

Important: libblockdev security update

The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as a thin wrapper around plug-ins for specific functionality, such as LVM, Btrfs, LUKS, or MD RAID. Security Fixes: libblockdev: LPE from allowactive ...

RHEL 9 : libblockdev (RHSA-2025:9326)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9326 advisory. The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as...

RHEL 9 : libblockdev (RHSA-2025:9327)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9327 advisory. The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as...

RHEL 9 : libblockdev (RHSA-2025:9324)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9324 advisory. The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as...

RHEL 10 : libblockdev (RHSA-2025:9328)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9328 advisory. The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves a...

ALSA-2025:9328 Important: libblockdev security update

The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as a thin wrapper around plug-ins for specific functionality, such as LVM, Btrfs, LUKS, or MD RAID. Security Fixes: libblockdev: LPE from allowactive ...

Fedora: Security Advisory (FEDORA-2025-4f28b95d7e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 8 : libblockdev (RHSA-2025:9322)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9322 advisory. The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as...

Amazon Linux 2023 : libblockdev, libblockdev-crypto, libblockdev-crypto-devel (ALAS2023-2025-1020)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1020 advisory. LPE from allowactive to root in libblockdev via udisks CVE-2025-6019 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not...

ALSA-2025:9327 Important: libblockdev security update

The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as a thin wrapper around plug-ins for specific functionality, such as LVM, Btrfs, LUKS, or MD RAID. Security Fixes: libblockdev: LPE from allowactive ...

Medium: libblockdev

Issue Overview: LPE from allowactive to root in libblockdev via udisks CVE-2025-6019 Affected Packages: libblockdev Issue Correction: Run dnf update libblockdev --releasever 2023.7.20250623 or dnf update --advisory ALAS2023-2025-1020 --releasever 2023.7.20250623 to update your system. More...