MiracleLinux 7 : libblockdev-2.18-5.0.1.el7.AXS7 (AXSA:2025-10699:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10699:04 advisory. CVE-2025-6019: don't allow suid and dev set on fs resize CVEs: CVE-2025-6019 A Local Privilege Escalation LPE vulnerability was found in libblockdev...

EulerOS 2.0 SP13 : libblockdev (EulerOS-SA-2025-2298)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

EulerOS 2.0 SP12 : libblockdev (EulerOS-SA-2025-2045)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

EulerOS 2.0 SP10 : libblockdev (EulerOS-SA-2025-2102)

According to the versions of the libblockdev packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the 'allowactive' setting in Polkit permits a physically...

OESA-2025-1677 libblockdev security update

libblockdev is a C library supporting GObject introspection for manipulation of block devices. It has a plugin-based architecture where each technology like LVM, Btrfs, MD RAID, Swap,... is implemented in a separate plugin, possibly with multiple implementations e.g. using LVM CLI or the new LVM...

libblockdev: LPE from allow_active to root in libblockdev via udisks

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

AZL-64187 CVE-2025-6019 affecting package libblockdev 2.28-3

A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...

CVE-2025-6019

CVE-2025-6019 is a local privilege escalation in libblockdev that leverages the interaction with the udisks daemon and the Polkit “allow_active” setting to allow a physically present user to escalate to root. The issue arises when an attacker crafts an XFS image containing a SUID-root shell and m...