Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions.

Hacker News is a community-driven platform for sharing and discussing technology news, startups, and programming-related topics. Through user submissions and comments, Hacker News offers insights into emerging technology trends, industry developments, and entrepreneurial ventures. Readers can participate in discussions, share their insights, and stay informed about the latest advancements in technology and innovation.

Hacker News

Two critical local privilege escalation vulnerabilities (CVE-2025-6018 and CVE-2025-6019) have been discovered that allow attackers to gain root access on major Linux distributions. The first affects PAM configuration on SUSE systems, while the second targets the ubiquitous udisks daemon through libblockdev. These flaws can be chained together for immediate root compromise and affect Ubuntu, Debian, Fedora, and openSUSE systems. Security researchers have developed proof-of-concept exploits and urge immediate patching due to the critical nature and widespread impact of these vulnerabilities.

New Linux udisks flaw lets attackers get root on major Linux distros

Why IT teams are ditching manual patch management