Bug 2373307

Summary: libblockdev allegedly exploitable via the udisks daemon included by default on most Linux distributions, and allows an “allow_active” user to gain full root privileges (CVE-2025-6019)
Product: [Fedora] Fedora Reporter: Vojtech Trefny <vtrefny>
Component: libblockdevAssignee: Vojtech Trefny <vtrefny>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: rawhideCC: extras-qa, gnome-sig, tbzatek, ttrinks, v.podzimek+fedora, vtrefny
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---   
Hardware: x86_64   
OS: Linux   
URL: https://blog.qualys.com/vulnerabilities-threat-research/2025/06/17/qualys-tru-uncovers-chained-lpe-suse-15-pam-to-full-root-via-libblockdev-udisks
Whiteboard:
Fixed In Version: libblockdev-3.3.1-1.fc43 Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: 2373301 Environment:
Last Closed: 2025-06-18 10:58:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vojtech Trefny 2025-06-18 07:35:08 UTC 
+++ This bug was initially created as a clone of Bug #2373301 +++

The Qualys team discovered [a] LPE vulnerability in libblockdev, trivially exploitable via the udisks daemon, which is installed by default on most Linux distributions: an "allow_active" user (e.g., a physical user, or an attacker who hijacked the session of a physical user) can obtain the full privileges of the root user [1].

[1] https://www.openwall.com/lists/oss-security/2025/06/17/4

Reproducible: Always

Actual Results:
LPE

Expected Results:
Disallow LPE.

Additional Information:
Proposed patches for both udisks and libblockdev [1].

[1] https://www.openwall.com/lists/oss-security/2025/06/17/5
Comment 1 Fedora Update System 2025-06-18 08:00:56 UTC 
FEDORA-2025-af7ba2696c (libblockdev-3.3.1-1.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-af7ba2696c
Comment 2 Fedora Update System 2025-06-18 08:05:13 UTC 
FEDORA-2025-4f28b95d7e (libblockdev-3.2.2-1.fc41) has been submitted as an update to Fedora 41.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-4f28b95d7e
Comment 3 Fedora Update System 2025-06-19 01:43:55 UTC 
FEDORA-2025-af7ba2696c has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-af7ba2696c`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-af7ba2696c

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 4 Fedora Update System 2025-06-19 02:24:09 UTC 
FEDORA-2025-4f28b95d7e has been pushed to the Fedora 41 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-4f28b95d7e`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-4f28b95d7e

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Fedora Update System 2025-06-21 01:27:32 UTC 
FEDORA-2025-af7ba2696c (libblockdev-3.3.1-1.fc42) has been pushed to the Fedora 42 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 6 Fedora Update System 2025-06-21 02:12:31 UTC 
FEDORA-2025-4f28b95d7e (libblockdev-3.2.2-1.fc41) has been pushed to the Fedora 41 stable repository.
If problem still persists, please make note of it in this bug report.