Passionategeekz
On June 18, security researchers disclosed two new local privilege escalation (LPE) vulnerabilities affecting major Linux distributions. An attacker who already has a local account can exploit them to gain root privileges and take full control of the system. The disclosure has put system administrators around the world on alert.

The first vulnerability, tracked as CVE-2025-6018, lies in the Pluggable Authentication Module (PAM) configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15. It lets a local attacker obtain the "allow_active" user privilege level.

The second vulnerability, tracked as CVE-2025-6019, lies in the libblockdev library. It lets a user who already holds "allow_active" privilege escalate to root through the udisks daemon, a storage management service that runs by default in most Linux distributions.

The Qualys Threat Research Unit (TRU), which discovered and reported both vulnerabilities yesterday, developed a proof of concept and used CVE-2025-6019 to obtain root privileges on Ubuntu, Debian, Fedora and openSUSE Leap 15 systems.

Saeed Abbasi, senior manager of Qualys TRU, warned: "While the nominal 'allow_active' permission is required, udisks exists by default in almost all Linux distributions, so nearly all systems are vulnerable. Attackers can stitch these vulnerabilities to achieve direct root access with minimal effort."

Passionategeekz noted that, given how ubiquitous udisks is and how simple the exploit is, the group's recommendation is unambiguous: treat this as a critical, universal risk and apply the security patches immediately.
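The chain described above hinges on what polkit lets an "allow_active" user do with udisks. The following script is an added example, not part of the article and not Qualys's or the udisks project's code: it parses the `implicit active:` line of `pkaction --verbose` output and reports whether allow_active users get the action without authentication. The article does not name the polkit action involved; the script assumes `org.freedesktop.udisks2.modify-device` (a standard udisks2 action) as the one to audit, and the sample output it tests against is constructed. Requiring `auth_admin` for that action is a general polkit hardening measure, and a complement to patching rather than a substitute for it.

```shell
#!/bin/sh
# Added example (not from the article): audit the polkit "allow_active" grant for udisks2.
# Assumption (not stated on the page): the action worth checking is
# org.freedesktop.udisks2.modify-device; adjust ACTION for other udisks2 actions.
ACTION="org.freedesktop.udisks2.modify-device"

# classify_implicit_active: read `pkaction --verbose` style text on stdin and print
#   "weak"     if allow_active users get the action with no authentication ("yes"),
#   "hardened" if administrator authentication is required,
#   "unknown"  for anything else (review it by hand).
classify_implicit_active() {
    level=$(sed -n 's/^[[:space:]]*implicit active:[[:space:]]*//p' | head -n 1 | tr -d '[:space:]')
    case "$level" in
        yes)                        echo weak ;;
        auth_admin|auth_admin_keep) echo hardened ;;
        *)                          echo unknown ;;
    esac
}

# audit_live: run the check against the local polkit database, if pkaction is available.
audit_live() {
    if ! command -v pkaction >/dev/null 2>&1; then
        echo "pkaction not found; polkit is not installed or not on PATH" >&2
        return 2
    fi
    pkaction --verbose --action-id "$ACTION" | classify_implicit_active
}

# Constructed samples in the shape of `pkaction --verbose` output, for the self-test below.
SAMPLE_WEAK='org.freedesktop.udisks2.modify-device:
  description:       Modify a device
  implicit any:      auth_admin
  implicit inactive: auth_admin
  implicit active:   yes'

SAMPLE_HARDENED='org.freedesktop.udisks2.modify-device:
  description:       Modify a device
  implicit any:      auth_admin
  implicit inactive: auth_admin
  implicit active:   auth_admin'

if [ "${1:-}" = "--live" ]; then
    audit_live
else
    printf '%s\n' "$SAMPLE_WEAK" | classify_implicit_active      # weak
    printf '%s\n' "$SAMPLE_HARDENED" | classify_implicit_active  # hardened
fi
```

Run it with `--live` on a host to inspect the real policy; without arguments it only exercises the constructed samples. A "weak" result means any allow_active user (a console or graphical session, typically) can drive that udisks2 action without authenticating, which is exactly the privilege level the two CVEs above chain through.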