UDisks, libblockdev: Privilege escalation — GLSA 202507-02

Multiple vulnerabilities have been discovered in UDisks, libblockdev, the worst of which could result in privilege escalation.

Affected packages

sys-fs/udisks on all architectures
  Affected versions:   < 2.10.1-r4
  Unaffected versions: >= 2.10.1-r4

sys-libs/libblockdev on all architectures
  Affected versions:   < 3.3.0
  Unaffected versions: >= 3.3.0

Background

UDisks provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies. libblockdev is a library for manipulating block devices.

Description

Multiple vulnerabilities have been discovered in UDisks and libblockdev. Please review the CVE identifiers referenced below for details.

Impact

A physical attacker with a local, unprivileged session can escalate privileges to root. Please review the referenced CVE identifier for details.

Workaround

There is no known workaround at this time.

Resolution

All UDisks users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-fs/udisks-2.10.1-r4"
 

All libblockdev users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-libs/libblockdev-3.3.0"
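
To confirm the upgrade took effect, the installed versions can be compared against the fixed versions listed above. The script below is an added example, not part of the advisory; it assumes inventory lines in the `category/name-version` form printed by `qlist -Iv` (from app-portage/portage-utils), and its version comparison handles only dotted numeric versions with an optional `-rN` revision.

```shell
#!/bin/sh
# Fixed versions from the advisory, as package=first-unaffected-version.
FIXED="sys-fs/udisks=2.10.1-r4 sys-libs/libblockdev=3.3.0"

# ver_lt A B: succeed when A is older than B.
# Assumption: dotted numeric versions with an optional -rN revision only
# (no _rc/_p suffixes, no leading zeros), which covers both packages here.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        ra = 0; rb = 0
        if (match(a, /-r[0-9]+$/)) { ra = substr(a, RSTART + 2) + 0; a = substr(a, 1, RSTART - 1) }
        if (match(b, /-r[0-9]+$/)) { rb = substr(b, RSTART + 2) + 0; b = substr(b, 1, RSTART - 1) }
        na = split(a, pa, "."); nb = split(b, pb, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] + 0 : -1   # a missing component sorts lowest
            y = (i <= nb) ? pb[i] + 0 : -1
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit ((ra < rb) ? 0 : 1)             # same version: compare revisions
    }' </dev/null
}

# audit: read "category/name-version" lines on stdin, report both packages,
# and return 1 if any installed version is below its fixed version.
audit() {
    rc=0
    while IFS= read -r atom; do
        for entry in $FIXED; do
            pkg=${entry%%=*}; fixed=${entry#*=}
            case "$atom" in
                "$pkg"-[0-9]*)
                    ver=${atom#"$pkg"-}
                    if ver_lt "$ver" "$fixed"; then
                        echo "VULNERABLE $pkg $ver (fixed in $fixed)"; rc=1
                    else
                        echo "OK $pkg $ver"
                    fi ;;
            esac
        done
    done
    return $rc
}

# Constructed inventory for illustration; on a real host use: qlist -Iv | audit
printf '%s\n' sys-fs/udisks-2.10.1-r3 sys-libs/libblockdev-3.3.0 \
    sys-apps/portage-3.0.68 | audit || echo "upgrade required"
```

A non-zero exit status from `audit` means at least one of the two packages is still below its fixed version.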
 

References

Release date
July 01, 2025

Latest revision
July 01, 2025: 1

Severity
high

Exploitable
local

Bugzilla entries