Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: FEDORA-2025-af7ba2696c critical libblockdev privilege escalation

fedora
Calendar Grey June 21, 2025
Dist Fedora Esm H88
Fedora issues vital Libblockdev patch to resolve privilege escalation vulnerability. Users advised to apply update promptly for enhanced security.
Automatic update for libblockdev-3.3.1-1.fc42

Summary

The libblockdev is a C library with GObject introspection support that can be

used for doing low-level operations with block devices like setting up LVM,

BTRFS, LUKS or MD RAID. The library uses plugins (LVM, BTRFS,...) and serves as

a thin wrapper around its plugins' functionality. All the plugins, however, can

be used as standalone libraries. One of the core principles of libblockdev is

that it is stateless from the storage configuration's perspective (e.g. it has

no information about VGs when creating an LV).

Update Information:

Automatic update for libblockdev-3.3.1-1.fc42. Changelog for libblockdev * Wed Jun 18 2025 Packit - 3.3.1-1 - Update to version 3.3.1

Topics%20covered

Topics Covered

security advisory fedora critical local privilege escalation system threat libblockdev

Change Log

* Wed Jun 18 2025 Packit - 3.3.1-1 - Update to version 3.3.1

References


[ 1 ] Bug #2373307 - libblockdev allegedly exploitable via the udisks daemon included by default on most Linux distributions, and allows an “allow_active” user to gain full root privileges (CVE-2025-6019) https://bugzilla.redhat.com/show_bug.cgi?id=2373307 [ 2 ] Bug #2373715 - CVE-2025-6019 libblockdev: LPE from allow_active to root in libblockdev via udisks [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2373715

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-af7ba2696c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libblockdev
Product: Fedora 42
Version: 3.3.1
Release: 1.fc42
URL: https://github.com/storaged-project/libblockdev
Summary: A library for low-level manipulation with block devices

Topics%20covered

Topics Covered

security advisory fedora critical local privilege escalation system threat libblockdev

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here