Two new Linux vulnerabilities, CVE-2025-6018 and CVE-2025-6019, can be chained for full root access, posing significant security risks. Additionally, CISA warns of active exploitation of an older Linux kernel flaw, CVE-2023-0386, in the wild. #CVE20256018 #CVE20256019 #CVE20230386 #LinuxVulnerabilities #Udisks #OverlayFS
Keypoints
- Qualys disclosed two Linux vulnerabilities that allow privilege escalation and root access.
- The vulnerabilities CVE-2025-6018 and CVE-2025-6019 can be exploited when chained together.
- Udisks is affected by CVE-2025-6019 and is present by default on most Linux distributions.
- CISA warned that CVE-2023-0386 in the Linux kernel has been actively exploited in attacks.
- Despite few publicly reported Linux kernel attacks, these vulnerabilities are often used in malware campaigns.