oss-sec mailing list archives

Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks

From: Qualys Security Advisory <qsa () qualys com>
Date: Tue, 17 Jun 2025 20:07:30 +0000

Hi all,

Attached to this email are the two libblockdev/udisks patches that we
sent to the linux-distros@openwall last week.

Thank you very much! We are at your disposal for questions, comments,
and further discussions.

With best regards,

-- 
the Qualys Security Advisory team

Attachment: 0001-dont-allow-suid-and-dev-set-on-fs-resize.patch
Description: 0001-dont-allow-suid-and-dev-set-on-fs-resize.patch

Attachment: 0001-udiskslinuxfilesystemhelpers-Mount-private-mounts-wi.patch
Description: 0001-udiskslinuxfilesystemhelpers-Mount-private-mounts-wi.patch

Current thread:

CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Qualys Security Advisory (Jun 17)
- Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Simon McVittie (Jun 17)
- Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Jakub Wilk (Jun 17)
- <Possible follow-ups>
- Re: CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks Qualys Security Advisory (Jun 17)