New Chain of Vulnerabilities in Linux Allows User to Root Escalation in Seconds

Researchers from Qualys TRU have revealed a combination of local privilege escalation affecting most desktop and server Linux distributions. The attack combines a configuration error in SUSE/openSUSE's PAM (CVE-2025-6018) with another in libblockdev/udisks (CVE-2025-6019) to escalate from an unprivileged user to root. A third, independent vulnerability in Linux-PAM (CVE-2025-6020) has been recently fixed in version 1.7.1.