Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions

The Hacker News by The Hacker News
June 19, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jun 19, 2025Ravie LakshmananLinux / Vulnerability

Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions.

The vulnerabilities, discovered by Qualys, are listed below –

  • CVE-2025-6018 – LPE from unprivileged to allow_active in SUSE 15’s Pluggable Authentication Modules (PAM)
  • CVE-2025-6019 – LPE from allow_active to root in libblockdev via the udisks daemon

“These modern ‘local-to-root’ exploits have collapsed the gap between an ordinary logged-in user and a full system takeover,” Saeed Abbasi, Senior Manager at Qualys Threat Research Unit (TRU), said.

Cybersecurity

“By chaining legitimate services such as udisks loop-mounts and PAM/environment quirks, attackers who own any active GUI or SSH session can vault across polkit’s allow_active trust zone and emerge as root in seconds.”

The cybersecurity company said CVE-2025-6018 is present in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15, enabling an unprivileged local attacker to elevate to the “allow_active” user and call Polkit actions that are otherwise reserved for a physically present user.

CVE-2025-6019, on the other hand, affects libblockdev and is exploitable via the udisks daemon included by default on most Linux distributions. It essentially permits an “allow_active” user to gain full root privileges by chaining it with CVE-2025-6018.

“Although it nominally requires ‘allow_active’ privileges, udisks ships by default on almost all Linux distributions, so nearly any system is vulnerable,” Abbasi added. “Techniques to gain ‘allow_active,’ including the PAM issue disclosed here, further negate that barrier.”

Once root privileges are obtained, an attacker has carte blanche access to the system, allowing them use it as a springboard for broader post-compromise actions, such as altering security controls and implanting backdoors for covert access.

Qualys said it has developed proof-of-concept (PoC) exploits to confirm the presence of these vulnerabilities on various operating systems, including Ubuntu, Debian, Fedora, and openSUSE Leap 15.

To mitigate the risk posed by these flaws, it’s essential to apply patches provided by the Linux distribution vendors. As temporary workarounds, users can modify the Polkit rule for “org.freedesktop.udisks2.modify-device” to require administrator authentication (“auth_admin”).

Flaw Disclosed in Linux PAM

The disclosure comes as maintainers of Linux PAM resolved a high-severity path traversal flaw (CVE-2025-6020, CVSS score: 7.8) that could also allow a local user to escalate to root privileges. The issue has been fixed in version 1.7.1.

Cybersecurity

“The module pam_namespace in linux-pam <= 1.7.0 may access user-controlled paths without proper protections, which allows a local user to elevate their privileges to root via multiple symlink attacks and race conditions,” Linux PAM maintainer Dmitry V. Levin said.

Linux systems are vulnerable if they use pam_namespace to set up polyinstantiated directories for which the path to either the polyinstantiated directory or instance directory is under user-control. As workarounds for CVE-2025-6020, users can disable pam_namespace or ensure it does not operate on user-controlled paths.

ANSSI’s Olivier Bal-Petre, who reported the flaw to the maintainer on January 29, 2025, said users should also update their namespace.init script if they do not use the one provided by their distribution to ensure that the either of two paths are safe to operate on as root.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Meta Adds Passkey Login Support to Facebook for Android and iOS Users

Meta Adds Passkey Login Support to Facebook for Android and iOS Users

Recommended.

Overcoming Risks from Chinese GenAI Tool Usage

Overcoming Risks from Chinese GenAI Tool Usage

July 25, 2025
Compass Makes Giving Back to Local Communities Easier

Compass Makes Giving Back to Local Communities Easier

November 10, 2025

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio