Recent research from Qualys has revealed significant security vulnerabilities affecting many Linux systems, particularly those running openSUSE and SUSE Linux Enterprise. These flaws could allow an attacker with limited access to escalate privileges and gain full control over the system. Given the widespread use of these components, it’s essential for organizations to understand the risks and act promptly to secure their environments.
Qualys’ Threat Research Unit identified two linked security issues:
- CVE-2025-6018: A misconfiguration in the PAM setup for openSUSE Leap 15 and SUSE Linux Enterprise 15 can mistakenly treat remote or local users as physically present, granting them elevated privileges.
- CVE-2025-6019: A flaw in libblockdev, used by the udisks daemon—an integral part of many Linux distributions—allows users with certain privileges to escalate their access to root. When combined with the first vulnerability, this chain enables an attacker to fully compromise the system.
The vulnerabilities exploit how Linux manages user privileges and device control. The first flaw causes the system to incorrectly identify user activity, while the second allows privilege escalation through udisks and libblockdev.
Because udisks is installed by default on most Linux systems, and the vulnerabilities can be chained together, even a regular SSH login could potentially lead to full system takeover.
The ability for an attacker to escalate privileges to root poses a severe security risk. Once they have full control, they can:
- Install malicious backdoors
- Disable security measures
- Access sensitive data
- Use the compromised system as a launching point for broader network attacks
This underscores the importance of timely patching and configuration review to prevent exploitation.
To mitigate these vulnerabilities:
- Apply vendor updates immediately: Ensure your Linux distribution is up to date with the latest patches addressing these issues.
- Review and update polkit policies: Restrict device modification actions to administrators only by adjusting the relevant polkit rules.
- Stay informed: Follow official security advisories for your Linux distribution and implement recommended security configurations promptly.
These findings highlight the ongoing need for vigilance in system security as well as regular updates, proper privilege management, and awareness of potential risks are essential to keep your infrastructure safe from exploitation. Those responsible for system security should review and deploy these updates without delay.
Check out Qualys’ research report with in-depth technical details and patches on their website here.
Leave a Reply