Qualys TRU Uncovers Chained LPE: SUSE 15 PAM to Full Root via libblockdev/udisks
ID: 580ab104-c1fe-517b-ab7d-13ef08a65f6c
STIX ID: report--580ab104-c1fe-517b-ab7d-13ef08a65f6c
Feed Name: Qualys Blog
Qualys TRU disclosed two chained local privilege escalation vulnerabilities: CVE-2025-6018 (PAM misconfiguration in openSUSE/SLE 15 that can mark remote logins as "allow_active") and CVE-2025-6019 (a libblockdev flaw reachable via the ubiquitous udisks daemon that allows an "allow_active" user to become root). PoC exploits were developed and validated across Ubuntu, Debian, Fedora, and openSUSE, and Qualys urges immediate patching and changing the polkit rule for org.freedesktop.udisks2.modify-device from allow_active to auth_admin to mitigate the risk.
