June 19, 2025

Two public exploits for Linux, one observed in the wild

Researchers published proof-of-concept (POC) code for an attack chaining two local privilege escalation (LPE) vulnerabilities affecting a wide range of Linux distributions. When combined, the two flaws could allow an unprivileged user to gain full root access.

The chain involves two vulnerabilities:

  • CVE-2025-6018 is an issue in the Pluggable Authentication Modules (PAM) configuration allowing an unprivileged local user to elevate permissions and invoke actions normally reserved for a user with physical access to the machine.
  • CVE-2025-6019 is a flaw that resides in libblockdev, a low-level C library that acts as a backend for higher-level tools. Researchers discovered that libblockdev is exploitable via the udisks daemon, a tool deployed by default in most Linux distributions, including Ubuntu and its derivatives such as Kubuntu and Xubuntu, Debian, Fedora, openSUSE Leap and SUSE Linux Enterprise, Arch Linux, Red Hat Enterprise Linux (RHEL), and CentOS Stream.

Separately, the US Cybersecurity and Infrastructure Security Agency (CISA) added a 2023 Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, noting active exploitation. The flaw, tracked as CVE-2023-0386, affects the Ubuntu OverlayFS, a module commonly deployed in containerized environments or systems using user namespaces.

CVE-2023-0386 allows an unprivileged user to escalate to root privileges and ultimately execute code on the affected system. It was rated high severity and assigned a CVSS score of 7.8 out of 10. Affected distributions include Ubuntu, Debian, Fedora, RHEL, and openSUSE, among others.

Analysis:

The risks associated with these flaws affect nearly all unpatched Linux distributions, and organizations are urged to patch as soon as possible and to audit their configurations. Follow your distribution’s security channels for updates and guidance.

Review best practices for hardening Linux systems, including limiting untrusted user operations such as mounting filesystems or modifying sensitive directories, especially in shared or containerized environments.