New Linux udisks flaw lets attackers get root on major Linux distros
Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. The first flaw (tracked as CVE-2025-6018) was found in the configuration of the Pluggable Authentication Modules (PAM) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15, allowing local attackers to gain the privileges of the "allow_active" user. The other security bug (CVE-2025-6019) was discovered in libblockdev, and it enab