Vulnerable Version
libblockdev & udisks2 versions before Ubuntu 2.10.1-9ubuntu3.2, Debian 2.25/2.9.4, RHEL/AlmaLinux 2.28/2.9.4, SLE 2.28/2.9.4
Fixed Version
The listed versions or later.
Base Score
7.0 High
libblockdev & udisks2:
libblockdev is a C library that bundles a collection of plug-ins for low-level block device operations such as partitioning, formatting, resizing, and encryption.
It serves as the backend for higher-level tools and daemons such as udisks2 and system installers.
udisks2 is a system service/daemon that exposes a D-Bus API for managing disks and storage devices. It is what a Linux desktop and its system utilities use to mount, format, or partition drives without giving the user direct root access.
CVE-2025-6019 Description:
CVE-2025-6019 is a local privilege escalation flaw affecting the udisks2 daemon (udisksd) and its backend library, libblockdev. A static review found that udisksd exposes multiple Polkit-controlled methods for mounting, unlocking, and formatting devices. In affected versions these methods relied on group-based allow_active checks without confirming the invoking UID, which breaches the trust boundary between the unprivileged caller and the daemon. Because the backend work requested over D-Bus is carried out by libblockdev, privileged actions could be queued and executed in the daemon's elevated context.
The udisks_daemon_handle_mount → polkit_check → blkdev_mount flow is particularly exposed: an unprivileged user can trick the daemon into performing root-level mount operations. The root cause is that the backend layer trusts frontend input and neither validates it adequately nor enforces fine-grained checks, leaving a direct path to privilege escalation. A local attacker can use this weakness to obtain full root access on affected systems.
Impact
- Local privilege escalation: a non-privileged local user can obtain root access through udisks2 and libblockdev.
- System compromise: complete control of the system, including sensitive files, programs, and configuration.
- Persistence risk: an attacker with root can install backdoors or modify system binaries to retain access.
- Security control bypass: exploitation can be used to disable security tooling or logging.
- Wide distribution exposure: affects several Linux distributions (Ubuntu, Debian, Fedora, openSUSE, and SUSE Linux Enterprise), making it significant in enterprise environments.
Mitigations:
- Apply security updates: update the udisks2 and libblockdev packages from trusted vendor sources immediately.
- Restrict Polkit rules: for sensitive actions, change the Polkit settings to require admin authentication rather than allow_active.
- Enforce mount restrictions: ensure mounted filesystems carry security flags such as nosuid, nodev, and noexec where appropriate.
- Audit user privileges: review and limit which local accounts hold allow_active or other elevated Polkit permissions.
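The Polkit tightening described above, as an added example that is not a rule shipped by udisks2 or any distribution: it forces admin authentication for the udisks2 action ids that cover the mount, unlock, and format/modify paths instead of relying on the allow_active defaults. The rules file name is hypothetical; the action ids are the ones udisks2 ships in its .policy file, and "auth_admin" is the string value of polkit.Result.AUTH_ADMIN.

```javascript
// /etc/polkit-1/rules.d/10-udisks2-hardening.rules  (hypothetical file name)
// Polkit rules are plain JavaScript; this file also runs under node for testing.
// Assumption: the action ids below are the ones shipped in udisks2's
// org.freedesktop.UDisks2.policy, and "auth_admin" equals polkit.Result.AUTH_ADMIN.
var AUTH_ADMIN = "auth_admin";
var NOT_HANDLED = null; // fall through to the next rule / the .policy defaults

// Action id prefixes for the sensitive operations; prefix matching also covers
// the "-system" and "-other-seat" variants. Kept explicit rather than a blanket
// "org.freedesktop.udisks2." match so harmless actions keep their defaults.
var SENSITIVE_PREFIXES = [
  "org.freedesktop.udisks2.filesystem-mount",  // mount paths
  "org.freedesktop.udisks2.encrypted-unlock",  // LUKS unlock
  "org.freedesktop.udisks2.modify-device",     // format / resize / partition
  "org.freedesktop.udisks2.loop-setup"         // attaching image files
];

// Pure decision function so the policy can be unit-tested outside polkitd.
function udisksResult(actionId) {
  for (var i = 0; i < SENSITIVE_PREFIXES.length; i++) {
    if (actionId.indexOf(SENSITIVE_PREFIXES[i]) === 0) {
      return AUTH_ADMIN;
    }
  }
  return NOT_HANDLED;
}

// Register with polkitd when loaded as a rules file; skipped under plain node.
if (typeof polkit !== "undefined") {
  polkit.addRule(function (action, subject) {
    var result = udisksResult(action.id);
    if (result !== null) {
      return result;
    }
  });
}
```

Drop the file into /etc/polkit-1/rules.d/ and verify with `pkcheck --action-id org.freedesktop.udisks2.modify-device --process $$` that an active local session is now prompted for administrator credentials.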
