Description
ELSA-2025-9328: libblockdev security update (IMPORTANT)
[3.2.0-4.0.1]
- enable btrfs support [Orabug: 30792917]
[3.2.0-4]
- Don't allow suid and dev set on fs resize - CVE-2025-6019
Updated packages
Oracle Linux 10
Oracle Linux aarch64
libblockdev 3.2.0-4.0.1.el10_0
libblockdev-btrfs 3.2.0-4.0.1.el10_0
libblockdev-crypto 3.2.0-4.0.1.el10_0
libblockdev-dm 3.2.0-4.0.1.el10_0
libblockdev-fs 3.2.0-4.0.1.el10_0
libblockdev-loop 3.2.0-4.0.1.el10_0
libblockdev-lvm 3.2.0-4.0.1.el10_0
libblockdev-lvm-dbus 3.2.0-4.0.1.el10_0
libblockdev-mdraid 3.2.0-4.0.1.el10_0
libblockdev-mpath 3.2.0-4.0.1.el10_0
libblockdev-nvdimm 3.2.0-4.0.1.el10_0
libblockdev-nvme 3.2.0-4.0.1.el10_0
libblockdev-part 3.2.0-4.0.1.el10_0
libblockdev-plugins-all 3.2.0-4.0.1.el10_0
libblockdev-smart 3.2.0-4.0.1.el10_0
libblockdev-smartmontools 3.2.0-4.0.1.el10_0
libblockdev-swap 3.2.0-4.0.1.el10_0
libblockdev-tools 3.2.0-4.0.1.el10_0
libblockdev-utils 3.2.0-4.0.1.el10_0
python3-blockdev 3.2.0-4.0.1.el10_0
Oracle Linux x86_64
libblockdev 3.2.0-4.0.1.el10_0
libblockdev-btrfs 3.2.0-4.0.1.el10_0
libblockdev-crypto 3.2.0-4.0.1.el10_0
libblockdev-dm 3.2.0-4.0.1.el10_0
libblockdev-fs 3.2.0-4.0.1.el10_0
libblockdev-loop 3.2.0-4.0.1.el10_0
libblockdev-lvm 3.2.0-4.0.1.el10_0
libblockdev-lvm-dbus 3.2.0-4.0.1.el10_0
libblockdev-mdraid 3.2.0-4.0.1.el10_0
libblockdev-mpath 3.2.0-4.0.1.el10_0
libblockdev-nvdimm 3.2.0-4.0.1.el10_0
libblockdev-nvme 3.2.0-4.0.1.el10_0
libblockdev-part 3.2.0-4.0.1.el10_0
libblockdev-plugins-all 3.2.0-4.0.1.el10_0
libblockdev-smart 3.2.0-4.0.1.el10_0
libblockdev-smartmontools 3.2.0-4.0.1.el10_0
libblockdev-swap 3.2.0-4.0.1.el10_0
libblockdev-tools 3.2.0-4.0.1.el10_0
libblockdev-utils 3.2.0-4.0.1.el10_0
python3-blockdev 3.2.0-4.0.1.el10_0
Related CVEs
Related vulnerabilities
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
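The description above turns on a filesystem being mounted without nosuid and nodev. The following is an added example, not part of the advisory or of libblockdev, that audits a mount-table snapshot for image-backed mounts missing those flags; the sample lines are constructed, and treating `/dev/loop*` devices as the image-backed ones is an assumption of the example.

```python
import re

# Flags the advisory names as the ones udisks normally applies to user-provided images.
REQUIRED = {"nosuid", "nodev"}

# Constructed sample in /proc/self/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda2 / xfs rw,relatime,attr2,inode64 0 0
/dev/loop0 /run/media/alice/disk xfs rw,nosuid,nodev,relatime 0 0
/dev/loop1 /mnt/scratch\\040dir xfs rw,relatime 0 0
/dev/loop2 /mnt/img ext4 rw,nosuid,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
"""


def unescape(field):
    """Decode the octal escapes (\\040 for a space, etc.) used in mount-table fields."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def find_unsafe_mounts(mounts_text, device_prefixes=("/dev/loop",)):
    """Return (device, mountpoint, missing_flags) for mounts lacking a REQUIRED flag.

    device_prefixes is an assumption of this example: only loop-backed mounts are
    checked, because the root filesystem legitimately lacks nosuid and nodev.
    """
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # not a mount-table line
        device, mountpoint, _fstype, options = fields[:4]
        if not device.startswith(device_prefixes):
            continue
        missing = sorted(REQUIRED - set(options.split(",")))
        if missing:
            findings.append((unescape(device), unescape(mountpoint), missing))
    return findings


if __name__ == "__main__":
    for dev, mnt, missing in find_unsafe_mounts(SAMPLE_MOUNTS):
        print(f"{dev} on {mnt!r}: missing {','.join(missing)}")
```

On a live host, pass the contents of `/proc/self/mounts` instead of the sample. The result reflects a single snapshot, so a mount that exists only briefly will not appear unless it is present when the table is read.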