
Linux flaws chain allows Root access across major distributions


Researchers discovered two local privilege escalation flaws that could let attackers gain root access on systems running major Linux distributions.

Qualys researchers discovered two local privilege escalation (LPE) vulnerabilities that an attacker can exploit, one after the other, to gain root privileges on machines running major Linux distributions.

The two vulnerabilities are:

  • CVE-2025-6018: LPE from unprivileged to allow_active in *SUSE 15’s PAM
  • CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks

The first flaw (CVE-2025-6018) allows an unprivileged local user, such as someone connecting via SSH, to impersonate a physical user and gain access to actions typically reserved for someone sitting in front of the machine.

The second vulnerability (CVE-2025-6019), found in libblockdev and exploitable through the default udisks service, lets a physical or compromised user escalate their access to full root privileges. When combined, these two flaws allow an unprivileged attacker to gain full control over a system.

While any attack path that starts from an unprivileged user and ends at root is cause for concern, this chain is particularly dangerous because of how easily the two flaws can be linked together.

Researchers also pointed to similar recent high-profile exploits that relied on the same “allow_active” user loophole, and a recent blog post by Pumpkin Chang showing how attackers could abuse D-Bus and Polkit rules to impersonate physical users via SSH.

“Although CVE-2025-6019 on its own requires existing allow_active context, chaining it with CVE-2025-6018 enables a purely unprivileged attacker to achieve full root access,” reads the report published by Qualys. “This libblockdev/udisks flaw is extremely significant. Although it nominally requires ‘allow_active’ privileges, udisks ships by default on almost all Linux distributions, so nearly any system is vulnerable. Techniques to gain ‘allow_active’, including the PAM issue disclosed here, further negate that barrier. An attacker can chain these vulnerabilities for immediate root compromise with minimal effort.”

Qualys confirmed the flaws affect systems such as Ubuntu, Debian, and Fedora, and also developed proof-of-concept exploits to demonstrate the vulnerabilities on these operating systems.

Users should apply the available security patches or, as a temporary mitigation, adjust the Polkit rules so that the affected udisks action requires administrator authentication instead of being granted to allow_active users.
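As an added illustration (not code from the article or from the Qualys advisory), the Polkit rule that implements the temporary mitigation just described, together with a small stand-in for polkit's rule evaluation so the before/after effect can be checked offline. It assumes the udisks action reached through the libblockdev flaw is org.freedesktop.udisks2.modify-device and that the shipped policy grants it to allow_active users; both are assumptions made for the example, not statements from the page.

```javascript
"use strict";

// Stand-in for the `polkit` object polkitd exposes to rules files; only the
// members used here are modelled (added example, not polkit's real engine).
const polkit = {
  Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin" },
  _rules: [],
  addRule(fn) { this._rules.push(fn); },
};

// Assumed udisks action behind the libblockdev flaw (a real udisks2 action id,
// but an assumption for this example: the page does not name it).
const UDISKS_MODIFY = "org.freedesktop.udisks2.modify-device";

// Implicit authorizations as a .policy file would ship them (constructed for
// the example): an "allow_active" session user is granted the action outright.
const IMPLICIT = {
  [UDISKS_MODIFY]: { allow_active: "yes", allow_inactive: "auth_admin", allow_any: "auth_admin" },
};

// --- Mitigation rule, as it would be installed under /etc/polkit-1/rules.d/ ---
polkit.addRule(function (action, subject) {
  if (action.id === UDISKS_MODIFY) {
    return polkit.Result.AUTH_ADMIN; // require an administrator password instead
  }
  // undefined: fall through to later rules and the implicit authorization
});
// ------------------------------------------------------------------------------

// Resolve an action the way polkit does: the first rule returning a result
// wins; otherwise use the implicit authorization matching the subject's session.
function authorize(actionId, subject, rules) {
  const action = { id: actionId };
  for (const rule of rules) {
    const result = rule(action, subject);
    if (result !== undefined) return result;
  }
  const implicit = IMPLICIT[actionId];
  if (!implicit) return polkit.Result.NO;
  if (subject.active) return implicit.allow_active;   // allow_active session
  if (subject.local) return implicit.allow_inactive;  // local but inactive
  return implicit.allow_any;                          // e.g. an SSH session
}

// A user in an active local seat session: the "allow_active" context that
// CVE-2025-6018 lets a remote user impersonate.
const seatUser = { user: "alice", local: true, active: true };
console.log("default  :", authorize(UDISKS_MODIFY, seatUser, []));            // yes
console.log("mitigated:", authorize(UDISKS_MODIFY, seatUser, polkit._rules)); // auth_admin
```

With the rule installed, even a subject that has obtained allow_active context is prompted for an administrator password for this action, which is what removes the second link of the chain until patches are applied.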


Pierluigi Paganini

(SecurityAffairs – hacking, Linux)