Old 19.06.2025., 20:06   #4248
tomek@vz
Premium
My PC
Registration date: May 2006
Location: München/Varaždin
Posts: 4,808
Heads Up!


Quote:
The first vulnerability in this situation is the least impactful, but is key to the root-access combo. Security bulletin CVE-2025-6018 describes a misconfiguration in the default settings for the PAM (Pluggable Authentication Module) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15. The issue revolves around the "allow_active" flag being erroneously set and allowing non-local unprivileged users to perform some elevated-privilege actions. In other words, just SSH into the machine, and you'll likely be able to mount/unmount volumes, shut down and reboot the machine, etc.

Quote:
That's already not ideal, but it gets much worse when CVE-2025-6019 gets involved. This is the big one, as it points out a flaw in the library libblockdev, used by the udisks daemon (service), present by default in most every Linux distribution. Presumably due to a permission mishandling, if the aforementioned PAM setting of "allow_active" is set to "yes", then you can boost yourself from a standard user, even a remote one, to full root. To mitigate this, Qualys recommends altering the default polkit policy "org.freedesktop.udisks2.modify-device", changing "allow_active" from "yes" to "auth_admin".

> qualys
__________________
Lenovo LOQ 15AHP9 83DX || AMD Ryzen 5 8645HS / 16GB DDR5 / Micron M.2 2242 1TB / nVidia Geforce RTX 4050 / Windows 11 Pro
Lenovo Thinkpad L15 Gen 1 || Intel Core i5 10210U / 16GB DDR4 / WD SN730 256GB / Intel UHD / Fedora Workstation 42
tomek@vz is offline
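The quoted article ends with the mitigation Qualys recommends: the polkit action "org.freedesktop.udisks2.modify-device" should require "auth_admin" for active sessions instead of "yes". The script below is an added example (not from the article, Qualys or the udisks project) that audits a polkit .policy file for actions whose allow_active default is "yes" and checks that specific action. It parses a constructed sample modelled on the polkit .policy layout; the real file path (/usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy) and the polkit rules.d override shown in HARDENING_RULE are assumptions about a typical installation and should be verified on the distribution at hand.

```python
#!/usr/bin/env python3
"""Audit polkit action defaults for "allow_active = yes".

Added example for the CVE-2025-6018 / CVE-2025-6019 discussion above; it is
not code from the quoted article or from Qualys. It answers one question a
defender asks first: which udisks2 actions are granted to any active session
without authentication, and is modify-device among them?
"""
import sys
import xml.etree.ElementTree as ET

# Action named in the article as the one to harden.
TARGET_ACTION = "org.freedesktop.udisks2.modify-device"

# Assumed location of the udisks2 policy on a typical install (verify locally).
DEFAULT_POLICY_PATH = "/usr/share/polkit-1/actions/org.freedesktop.UDisks2.policy"

# Constructed sample, laid out like a polkit .policy file. The first action
# carries the weak default the article describes; the second is hardened.
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<policyconfig>
  <action id="org.freedesktop.udisks2.modify-device">
    <description>Modify the drive settings</description>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.freedesktop.udisks2.filesystem-mount">
    <description>Mount a filesystem</description>
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

# Assumed override via polkit's rules.d mechanism: returning AUTH_ADMIN forces
# an administrator authentication for the target action regardless of the
# shipped defaults, which is the effect the article's recommendation aims at.
HARDENING_RULE = """polkit.addRule(function(action, subject) {
    if (action.id == "%s") {
        return polkit.Result.AUTH_ADMIN;
    }
});
""" % TARGET_ACTION


def policy_defaults(policy_xml: str) -> dict:
    """Map each action id to its <defaults> values (allow_any/inactive/active)."""
    root = ET.fromstring(policy_xml)
    result = {}
    for action in root.iter("action"):
        values = {}
        defaults = action.find("defaults")
        if defaults is not None:
            for child in defaults:
                values[child.tag] = (child.text or "").strip()
        result[action.get("id", "")] = values
    return result


def weak_active_actions(policy_xml: str) -> list:
    """Action ids that any active session may invoke without authenticating."""
    return sorted(aid for aid, d in policy_defaults(policy_xml).items()
                  if d.get("allow_active") == "yes")


def check_action(policy_xml: str, action_id: str, required: str = "auth_admin") -> bool:
    """True when action_id's allow_active default is exactly `required`."""
    return policy_defaults(policy_xml).get(action_id, {}).get("allow_active") == required


def main(argv: list) -> int:
    # Read a real policy file if a path is given, else audit the built-in sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            policy_xml = fh.read()
    else:
        policy_xml = SAMPLE_POLICY
    weak = weak_active_actions(policy_xml)
    for aid in weak:
        print("allow_active=yes:", aid)
    if check_action(policy_xml, TARGET_ACTION):
        print("OK:", TARGET_ACTION, "already requires auth_admin")
        return 0
    print("WEAK:", TARGET_ACTION, "does not require auth_admin; suggested rules.d override:")
    print(HARDENING_RULE)
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it without arguments to see the sample flagged, or pass the path of the policy file on a host (assumed default above) to audit the real defaults; a non-zero exit means the modify-device action still grants active sessions the "yes" default.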