
Fedora 41: FEDORA-2025-4f28b95d7e Critical Local Privilege Escalation Issue

June 21, 2025
Critical Security Alert: Fedora Update for libblockdev released. This patch fixes vulnerabilities that could grant full root access. Update is strongly advised.

Summary

libblockdev is a C library with GObject introspection support that can be used for doing low-level operations with block devices like setting up LVM, BTRFS, LUKS or MD RAID. The library uses plugins (LVM, BTRFS,...) and serves as a thin wrapper around its plugins' functionality. All the plugins, however, can be used as standalone libraries. One of the core principles of libblockdev is that it is stateless from the storage configuration's perspective (e.g. it has no information about VGs when creating an LV).

Update Information:

Don't allow suid and dev set on fs resize (Thomas.Blume)

Change Log

* Wed Jun 18 2025 Vojtech Trefny - 3.2.2-1
- Don't allow suid and dev set on fs resize (Thomas.Blume)

References


[ 1 ] Bug #2373307 - libblockdev allegedly exploitable via the udisks daemon included by default on most Linux distributions, and allows an "allow_active" user to gain full root privileges (CVE-2025-6019)
      https://bugzilla.redhat.com/show_bug.cgi?id=2373307

[ 2 ] Bug #2373715 - CVE-2025-6019 libblockdev: LPE from allow_active to root in libblockdev via udisks [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2373715

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4f28b95d7e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
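
A post-update check, added here as an example and not part of the advisory: it confirms that every installed libblockdev package is at or above the fixed build 3.2.2-1.fc41, and flags a running udisksd that still has the replaced library mapped. The function names, the use of GNU sort -V in place of RPM's own version comparison, and the libblockdev/libbd_* file-name pattern are assumptions. Run it as root so the daemon's /proc entry is readable.

```shell
#!/bin/sh
# Added example: post-update check for FEDORA-2025-4f28b95d7e (not from the advisory).
FIXED_EVR="3.2.2-1.fc41"   # Version 3.2.2, Release 1.fc41, as listed in the advisory

# evr_at_least INSTALLED FIXED: succeed when INSTALLED >= FIXED.
# GNU `sort -V` approximates RPM ordering; fine for plain numeric strings.
evr_at_least() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify: read "name version-release" lines on stdin, print a verdict for
# each, and fail if any package is older than the fixed build.
classify() {
    rc=0
    while read -r name evr; do
        if evr_at_least "$evr" "$FIXED_EVR"; then
            echo "OK       $name $evr"
        else
            echo "OUTDATED $name $evr (need >= $FIXED_EVR)"
            rc=1
        fi
    done
    return "$rc"
}

# stale_maps: read /proc/<pid>/maps text on stdin and succeed if the process
# still maps a libblockdev library that was replaced on disk. The
# libblockdev/libbd_* file-name pattern is an assumption.
stale_maps() {
    grep -Eq '/lib(blockdev|bd_[a-z0-9_]+)\.so[^ ]* \(deleted\)$'
}

# Live check, run only where rpm exists (i.e. on the Fedora host itself).
if command -v rpm >/dev/null 2>&1; then
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'libblockdev*' | classify ||
        echo "Run: su -c 'dnf upgrade --advisory FEDORA-2025-4f28b95d7e'"
    for pid in $(pidof udisksd 2>/dev/null); do
        if [ -r "/proc/$pid/maps" ] && stale_maps < "/proc/$pid/maps"; then
            echo "udisksd ($pid) still maps the old library: restart udisks2.service"
        fi
    done
fi
```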

Severity
critical

Name: libblockdev
Product: Fedora 41
Version: 3.2.2
Release: 1.fc41
Summary: A library for low-level manipulation with block devices
