Securityaffairs

Linux flaws chain allows Root access across major distributions

  • Researchers discovered two local privilege escalation flaws that could let attackers gain root access on systems running major Linux distributions.
  • Qualys researchers found two vulnerabilities that can be exploited to escalate privileges to gain root access on Linux systems.
  • The vulnerabilities identified are CVE-2025-6018 affecting *SUSE 15's PAM and CVE-2025-6019 affecting libblockdev via udisks.
  • CVE-2025-6018 enables unprivileged local user impersonation to access machine actions usually reserved for physical users.
  • CVE-2025-6019 in libblockdev through udisks allows users to escalate their access to root privileges.
  • When combined, these vulnerabilities allow unprivileged attackers full control over a system.
  • The link between the flaws enables an unprivileged attacker to achieve full root access easily.
  • Recent exploits, like those using the 'allow_active' user loophole, highlight the severity of related vulnerabilities.
  • The vulnerabilities impact systems such as Ubuntu, Debian, and Fedora.
  • Qualys created proof-of-concept exploits to demonstrate the vulnerabilities on affected operating systems.
  • Users are advised to apply security patches or adjust Polkit rules for temporary mitigation.
  • The flaws represent a significant risk due to the potential for unprivileged attackers to gain root access.
  • The combination of vulnerabilities poses a serious threat to Linux systems and requires immediate attention from users and administrators.
  • Addressing the vulnerabilities promptly is crucial to prevent unauthorized access to sensitive systems.
  • Overall, the flaws highlight the importance of maintaining up-to-date security measures to protect against potential exploits.
  • Author: Pierluigi Paganini (SecurityAffairs - hacking, Linux)
