- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202507-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: UDisks, libblockdev: Privilege escalation
     Date: July 01, 2025
     Bugs: #958339
       ID: 202507-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in UDisks, libblockdev, the worst of which could result in privilege escalation.

Affected packages
=================

Package 	sys-fs/udisks on all architectures
Affected versions 	< 2.10.1-r4
Unaffected versions 	>= 2.10.1-r4
Package 	sys-libs/libblockdev on all architectures
Affected versions 	< 3.3.0
Unaffected versions 	>= 3.3.0

Background
==========

UDisks provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies. libblockdev is a library for manipulating block devices.

Description
===========

Multiple vulnerabilities have been discovered in UDisks and libblockdev. Please review the CVE identifiers referenced below for details.

Impact
======

A physical attacker with a local, unprivileged session can escalate privileges to root. Please review the referenced CVE identifier for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All UDisks users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-fs/udisks-2.10.1-r4"
 

All libblockdev users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-libs/libblockdev-3.3.0"
 

References
==========

    CVE-2025-6019