SUSE update for libblockdev
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-6019 |
| CWE-ID | CWE-362 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Basesystem Module Operating systems & Components / Operating system SUSE Package Hub 15 Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing LTSS 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing ESPOS 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP5 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP4 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise Micro for Rancher Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system libbd_mpath-devel Operating systems & Components / Operating system package or component libbd_loop-devel Operating systems & Components / Operating system package or component libbd_lvm-dbus2-debuginfo Operating systems & Components / Operating system package or component libbd_part-devel Operating systems & Components / Operating system package or component libbd_swap-devel Operating systems & Components / Operating system package or component python3-libblockdev Operating systems & Components / Operating system package or component libbd_mpath2-debuginfo Operating systems & Components / Operating system package or component libbd_mpath2 Operating systems & Components / Operating system package or component libbd_lvm-dbus-devel Operating systems & Components / Operating system package or component libbd_kbd-devel Operating systems & Components / Operating system package or component libbd_fs-devel Operating systems & Components / Operating system package or component libbd_kbd2 Operating systems & Components / Operating system package or component libbd_dm2-debuginfo Operating systems & Components / Operating system package or component libbd_btrfs-devel Operating systems & Components / Operating system package or component libbd_lvm-devel Operating systems & Components / Operating system package or component libbd_dm2 Operating systems & Components / Operating system package or component libbd_vdo2-debuginfo Operating systems & Components / Operating system package or component libbd_dm-devel Operating systems & Components / Operating system package or component libbd_crypto-devel Operating systems & Components / Operating system package or component typelib-1_0-BlockDev-2_0 Operating systems & Components / Operating system package or component libbd_utils-devel Operating systems & Components / Operating system package or component libbd_vdo-devel Operating systems & Components / Operating system package or component libblockdev-devel Operating systems & Components / Operating system package or component libbd_mdraid-devel Operating systems & Components / Operating system package or component libbd_vdo2 Operating systems & Components / Operating system package or component libbd_kbd2-debuginfo Operating systems & Components / Operating system package or component libbd_lvm-dbus2 Operating systems & Components / Operating system package or component libbd_btrfs2 Operating systems & Components / Operating system package or component libbd_btrfs2-debuginfo Operating systems & Components / Operating system package or component libblockdev2-debuginfo Operating systems & Components / Operating system package or component libbd_mdraid2-debuginfo Operating systems & Components / Operating system package or component libbd_loop2 Operating systems & Components / Operating system package or component libbd_utils2-debuginfo Operating systems & Components / Operating system package or component libbd_swap2 Operating systems & Components / Operating system package or component libbd_crypto2-debuginfo Operating systems & Components / Operating system package or component libbd_part2-debuginfo Operating systems & Components / Operating system package or component libblockdev2 Operating systems & Components / Operating system package or component libblockdev-debugsource Operating systems & Components / Operating system package or component libbd_lvm2 Operating systems & Components / Operating system package or component libbd_fs2 Operating systems & Components / Operating system package or component libbd_swap2-debuginfo Operating systems & Components / Operating system package or component libblockdev-debuginfo Operating systems & Components / Operating system package or component libbd_crypto2 Operating systems & Components / Operating system package or component libblockdev Operating systems & Components / Operating system package or component libbd_loop2-debuginfo Operating systems & Components / Operating system package or component libbd_lvm2-debuginfo Operating systems & Components / Operating system package or component libbd_mdraid2 Operating systems & Components / Operating system package or component libbd_part2 Operating systems & Components / Operating system package or component libbd_fs2-debuginfo Operating systems & Components / Operating system package or component libbd_utils2 Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Race condition
EUVDB-ID: #VU111385
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2025-6019
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition. A local user can exploit the race using the udisks daemon and execute arbitrary code with root privileges after certain manipulations with mounts
MitigationUpdate the affected package libblockdev to the latest version.
Vulnerable software versionsBasesystem Module: 15-SP6 - 15-SP7
SUSE Package Hub 15: 15-SP6 - 15-SP7
SUSE Linux Enterprise Real Time 15: SP6 - SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP4 - SP7
SUSE Linux Enterprise Server 15: SP4 - SP7
SUSE Linux Enterprise Desktop 15: SP6 - SP7
SUSE Linux Enterprise High Performance Computing LTSS 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP5: LTSS
SUSE Linux Enterprise Server 15 SP4: LTSS
openSUSE Leap: 15.4 - 15.6
SUSE Linux Enterprise Micro: 5.3 - 5.5
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise High Performance Computing 15: SP4 - SP5
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
libbd_mpath-devel: before 2.26-150400.3.5.1
libbd_loop-devel: before 2.26-150400.3.5.1
libbd_lvm-dbus2-debuginfo: before 2.26-150400.3.5.1
libbd_part-devel: before 2.26-150400.3.5.1
libbd_swap-devel: before 2.26-150400.3.5.1
python3-libblockdev: before 2.26-150400.3.5.1
libbd_mpath2-debuginfo: before 2.26-150400.3.5.1
libbd_mpath2: before 2.26-150400.3.5.1
libbd_lvm-dbus-devel: before 2.26-150400.3.5.1
libbd_kbd-devel: before 2.26-150400.3.5.1
libbd_fs-devel: before 2.26-150400.3.5.1
libbd_kbd2: before 2.26-150400.3.5.1
libbd_dm2-debuginfo: before 2.26-150400.3.5.1
libbd_btrfs-devel: before 2.26-150400.3.5.1
libbd_lvm-devel: before 2.26-150400.3.5.1
libbd_dm2: before 2.26-150400.3.5.1
libbd_vdo2-debuginfo: before 2.26-150400.3.5.1
libbd_dm-devel: before 2.26-150400.3.5.1
libbd_crypto-devel: before 2.26-150400.3.5.1
typelib-1_0-BlockDev-2_0: before 2.26-150400.3.5.1
libbd_utils-devel: before 2.26-150400.3.5.1
libbd_vdo-devel: before 2.26-150400.3.5.1
libblockdev-devel: before 2.26-150400.3.5.1
libbd_mdraid-devel: before 2.26-150400.3.5.1
libbd_vdo2: before 2.26-150400.3.5.1
libbd_kbd2-debuginfo: before 2.26-150400.3.5.1
libbd_lvm-dbus2: before 2.26-150400.3.5.1
libbd_btrfs2: before 2.26-150400.3.5.1
libbd_btrfs2-debuginfo: before 2.26-150400.3.5.1
libblockdev2-debuginfo: before 2.26-150400.3.5.1
libbd_mdraid2-debuginfo: before 2.26-150400.3.5.1
libbd_loop2: before 2.26-150400.3.5.1
libbd_utils2-debuginfo: before 2.26-150400.3.5.1
libbd_swap2: before 2.26-150400.3.5.1
libbd_crypto2-debuginfo: before 2.26-150400.3.5.1
libbd_part2-debuginfo: before 2.26-150400.3.5.1
libblockdev2: before 2.26-150400.3.5.1
libblockdev-debugsource: before 2.26-150400.3.5.1
libbd_lvm2: before 2.26-150400.3.5.1
libbd_fs2: before 2.26-150400.3.5.1
libbd_swap2-debuginfo: before 2.26-150400.3.5.1
libblockdev-debuginfo: before 2.26-150400.3.5.1
libbd_crypto2: before 2.26-150400.3.5.1
libblockdev: before 2.26-150400.3.5.1
libbd_loop2-debuginfo: before 2.26-150400.3.5.1
libbd_lvm2-debuginfo: before 2.26-150400.3.5.1
libbd_mdraid2: before 2.26-150400.3.5.1
libbd_part2: before 2.26-150400.3.5.1
libbd_fs2-debuginfo: before 2.26-150400.3.5.1
libbd_utils2: before 2.26-150400.3.5.1
CPE2.3- cpe:2.3:o:suse:basesystem_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:basesystem_module:15-SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP7:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP4:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_manager_retail_branch_server:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_manager_server:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_manager_proxy:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:suse:libbd_mpath-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_loop-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_lvm-dbus2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_part-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_swap-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-libblockdev:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_mpath2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_mpath2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_lvm-dbus-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_kbd-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_fs-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_kbd2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_dm2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_btrfs-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_lvm-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_dm2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_vdo2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_dm-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_crypto-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:typelib-1_0-blockdev-2_0:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_utils-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_vdo-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libblockdev-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_mdraid-devel:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_vdo2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_kbd2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_lvm-dbus2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_btrfs2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_btrfs2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libblockdev2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_mdraid2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_loop2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_utils2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_swap2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_crypto2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_part2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libblockdev2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libblockdev-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_lvm2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_fs2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_swap2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libblockdev-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_crypto2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libblockdev:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_loop2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_lvm2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_mdraid2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_part2:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_fs2-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:libbd_utils2:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202502044-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
