Linux customers acquired two essential safety notifications on Tuesday: a few new vulnerabilities might be chained for full root entry, and CISA warned concerning the in-the-wild exploitation of an older flaw.
Cybersecurity agency Qualys has printed particulars and proof-of-concept (PoC) code for 2 new Linux vulnerabilities that may be exploited for native privilege escalation.
One of many safety holes, tracked as CVE-2025-6018, impacts the Pluggable Authentication Modules (PAM) framework on Linux and it permits an unprivileged native attacker to raise permissions to ‘allow_active’ and invoke actions which can be usually reserved for customers who’re bodily current.
The second vulnerability, CVE-2025-6019, permits an ‘allow_active’ person to leverage the Udisks daemon (used for storage administration) and Llibblockdev (a library for low-level block-device operations) to acquire full root entry.
CVE-2025-6018 and CVE-2025-6019 might be chained to permit an unprivileged attacker to realize full root entry on the focused system.
Qualys identified that the Udisks part is current by default on almost all Linux distributions, which makes the vulnerabilities harmful.
“Given the ubiquity of Udisks and the simplicity of the exploit, organizations should deal with this as a vital, common threat and deploy patches immediately,” Qualys warned.
Individually, CISA warned on Tuesday {that a} Linux kernel vulnerability, tracked as CVE-2023-0386, has been exploited in assaults. Commercial. Scroll to proceed studying.
The cybersecurity company added the flaw, which impacts the Linux kernel’s OverlayFS subsystem and permits a neighborhood attacker to escalate privileges, to its Identified Exploited Vulnerabilities (KEV) catalog.
There don’t seem like any public reviews describing exploitation of CVE-2023-0386.
CVE-2023-0386 is considered one of two vulnerabilities disclosed in 2023 which can be collectively tracked as GameOver(lay). Researchers warned on the time that the failings are simple to take advantage of they usually had impacted 40% of Ubuntu cloud workloads. PoC code and technical particulars have been made out there shortly after disclosure.
Greater than 20 Linux kernel vulnerabilities are at present in CISA’s KEV catalog, together with a number of added final yr.
There are few reviews describing assaults involving the exploitation of Linux kernel flaws, however they’re usually leveraged in malware assaults.
Associated: Enhanced Model of ‘BPFDoor’ Linux Backdoor Seen within the Wild
Associated: New ‘Auto-Shade’ Linux Malware Targets North America, Asia
Associated: Stealthy ‘Perfctl’ Malware Infects 1000’s of Linux Servers
