CVE-2025-6019: A Privilege Escalation Vulnerability Affecting AGL and Future SDVs

June 25, 2025
VicOne Cyber Threat Research Lab

By Vit Sembera (Senior Threat Researcher, Automotive)

CVE-2025-6019, a newly disclosed Linux privilege escalation vulnerability, underscores a persistent truth in modern automotive cybersecurity: Vulnerabilities once confined to traditional IT systems are now finding their way into connected vehicles. This particular flaw, found in the widely used libblockdev library in conjunction with udisks2 and Polkit, exemplifies how a seemingly ordinary Linux bug can pose a risk to backend systems and, increasingly, to in-vehicle platforms such as Automotive Grade Linux (AGL). With the rapid emergence of software-defined vehicle (SDV) architectures, these risks are no longer hypothetical.

CVE-2025-6019: a technical overview

CVE-2025-6019 is a local privilege escalation (LPE) vulnerability affecting Linux distributions that use libblockdev and udisks2 services. The issue arises when a nonprivileged user, with allow_active Polkit privileges (typically granted to console users), tricks the system into mounting a malicious XFS image that includes a SUID-root shell. Because the mount is performed without nosuid,nodev safeguards, the attacker can execute the SUID shell to gain root privileges.

This vulnerability is particularly dangerous because it is chainable with CVE-2025-6018, another flaw that grants additional control over the mounting process. Together, they create a complete exploit path for privilege escalation from a local user to root.

Most major Linux vendors — including Red Hat, Ubuntu, and SUSE — have issued advisories and patches. However, open-source projects that build on these foundations, like AGL, might remain exposed unless they rapidly adopt upstream fixes.

Impact beyond the server room: automotive risk factors

Historically, Linux vulnerabilities such as CVE-2025-6019 would be of greatest concern to backend infrastructure — OEM and Tier 1/2/3 data centers running telematics services, over-the-air (OTA) update platforms, or DevOps pipelines. However, the convergence of IT and OT (operational technology) in the automotive industry, particularly through SDVs and cloud-native E/E (electrical/electronic) architectures, dramatically widens the potential blast radius.

AGL is an open-source, Linux-based platform increasingly used in cockpit domains, infotainment systems, and even certain central compute units in vehicles. AGL incorporates core Linux services — including Polkit, udisks2, and libblockdev — in its system image. In its current releases (e.g., AGL Lamprey), these packages are present in vulnerable versions.

The danger is amplified in SDV deployments where vehicles are designed to be dynamically reconfigurable postproduction. Vehicles might accept new software packages, containerized applications, or file system images as part of service delivery or feature updates. A misconfigured privilege boundary — or an attacker with limited access — could exploit CVE-2025-6019 to escalate privileges and potentially interfere with critical vehicle operations.

Example attack vector: from USB interface to root access in a production vehicle

Consider a production vehicle where a USB maintenance port is exposed (either by design or due to configuration oversight), or where a debug console was mistakenly left active. Alternatively, the attacker might have already gained limited access via a separate vulnerability in an onboard application.

The attack path could unfold as follows:

  1. The attacker inserts a USB flash drive containing a malicious XFS image embedded with a SUID-root shell.
  2. With nonprivileged user access — gained through a debug console, an exposed app, or a previously chained exploit — the attacker triggers udisks2 to mount the USB device.
  3. Due to inadequate Polkit rules and lack of nosuid,nodev options, the system mounts the USB image with SUID permissions intact.
  4. The attacker executes the SUID shell from the mounted image, gaining full root privileges.
  5. With root access on the AGL-based system, the attacker can disable host-based security functions, install persistent backdoors, or move laterally toward more sensitive vehicle domains via internal Ethernet or CAN bus bridges.

Alternative attack vector: malicious volume in OTA update package

In a more remote variant, an attacker might exploit weaknesses in the SDV’s OTA pipeline. Suppose an OTA update package includes an arbitrary volume or disk image, intended to be mounted for asset delivery or sandboxed execution. If proper nosuid,nodev mount flags are not enforced, and Polkit or udisks2 permissions are overly permissive, a malicious actor could insert a crafted XFS volume whose SUID-root payload can be executed once the volume is mounted.

This scenario highlights how privilege escalation can propagate from backend DevOps infrastructure (e.g., CI/CD pipelines or supply chain compromise) into production vehicles, especially when vehicles are built to receive dynamic updates.

Automotive Grade Linux: vulnerable

VicOne analysis confirms that AGL distributions (e.g., Lamprey 12.1.11) ship with vulnerable versions of libblockdev (2.24), udisks2 (2.8.4), and Polkit (0.116). The default Polkit policies allow allow_active users to perform mounting operations, placing them squarely in the exploit scope.

While console-level access in a vehicle is limited, physical access is not out of the question in development environments, vehicle fleet depots, or during debugging via onboard diagnostics (OBD-II) ports and USB maintenance ports. Moreover, future SDVs might expose similar capabilities remotely if not properly sandboxed.

Threat detection and mitigation

Detection techniques

  • Monitor for Polkit authorization logs involving mounting operations from non-root users.
  • Watch for the creation or execution of SUID binaries from mounted file systems.
  • Use a host-based intrusion detection system (IDS), which can:
    • Detect abnormal USB block device mounts with unexpected file system types.
    • Flag execution of binaries from mounted media.
    • Identify Polkit-based privilege escalation attempts.
    • Alert on privilege boundary violations involving block devices.
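The first three detection bullets can be turned into a small correlation rule: record which mount points udisks2 created on behalf of a non-root uid, then flag any execve whose executable lives under one of those mount points, and escalate when the process ends up with euid 0 while the real uid is not root (the signature of a SUID binary on media mounted without nosuid). The script below is an added example, not code from the original post or from VicOne; the udisksd lines imitate the "Mounted X at Y on behalf of uid N" wording udisks logs, the auditd SYSCALL records are constructed for illustration, and the path prefixes and uids are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample lines (not captured from a real AGL system). The udisksd
# lines follow the "Mounted X at Y on behalf of uid N" wording udisks uses; the
# auditd lines mimic SYSCALL records for execve (syscall 59 on x86_64).
SAMPLE_LOG = """\
Jun 25 10:01:02 agl udisksd[512]: Mounted /dev/sdb1 at /run/media/agl/MAINT on behalf of uid 1000
type=SYSCALL msg=audit(1750845670.101:201): arch=c000003e syscall=59 success=yes exit=0 uid=1000 euid=1000 comm="ls" exe="/usr/bin/ls" key="exec"
type=SYSCALL msg=audit(1750845671.204:202): arch=c000003e syscall=59 success=yes exit=0 uid=1000 euid=0 comm="sh" exe="/run/media/agl/MAINT/bin/sh" key="exec"
Jun 25 10:02:15 agl udisksd[512]: Unmounted /dev/sdb1 on behalf of uid 1000
type=SYSCALL msg=audit(1750845700.000:203): arch=c000003e syscall=59 success=yes exit=0 uid=1000 euid=0 comm="sh" exe="/run/media/agl/MAINT/bin/sh" key="exec"
"""

MOUNT_RE = re.compile(
    r"udisksd\[\d+\]: Mounted (?P<dev>\S+) at (?P<mnt>\S+) on behalf of uid (?P<uid>\d+)")
UNMOUNT_RE = re.compile(
    r"udisksd\[\d+\]: Unmounted (?P<dev>\S+) on behalf of uid (?P<uid>\d+)")
# \b keeps "uid=" from matching inside "euid=".
EXEC_RE = re.compile(
    r'type=SYSCALL .*\bsyscall=59\b.*\buid=(?P<uid>\d+)\b.*\beuid=(?P<euid>\d+)\b.*\bexe="(?P<exe>[^"]+)"')


def detect(lines: List[str]) -> List[Dict[str, object]]:
    """Correlate udisks mount events with exec records; findings are returned in log order."""
    active: Dict[str, Dict[str, object]] = {}   # mountpoint -> {"dev", "uid"}
    findings: List[Dict[str, object]] = []
    for line in lines:
        m = MOUNT_RE.search(line)
        if m:
            uid = int(m.group("uid"))
            active[m.group("mnt")] = {"dev": m.group("dev"), "uid": uid}
            if uid != 0:   # mount performed for a non-root (allow_active) user
                findings.append({"rule": "non-root-mount", "severity": "warning",
                                 "device": m.group("dev"), "mountpoint": m.group("mnt"),
                                 "uid": uid})
            continue
        u = UNMOUNT_RE.search(line)
        if u:   # stop tracking paths once the media is gone
            for mnt in [k for k, v in active.items() if v["dev"] == u.group("dev")]:
                del active[mnt]
            continue
        e = EXEC_RE.search(line)
        if not e:
            continue
        exe, uid, euid = e.group("exe"), int(e.group("uid")), int(e.group("euid"))
        for mnt, info in active.items():
            if exe.startswith(mnt.rstrip("/") + "/"):
                # euid 0 with a non-root uid means a SUID-root binary ran from the media
                suid = uid != 0 and euid == 0
                findings.append({
                    "rule": "suid-exec-from-media" if suid else "exec-from-media",
                    "severity": "critical" if suid else "warning",
                    "exe": exe, "mountpoint": mnt, "uid": uid, "euid": euid,
                    "mounted_by_uid": info["uid"]})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG.splitlines()):
        print(finding)
```

Feed it `journalctl -o short` output merged with `ausearch -i`-free raw audit lines (any order is fine as long as mount events precede the executions they scope); the last constructed exec record, which arrives after the unmount, is intentionally not flagged because the path no longer points at foreign media.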

Mitigation recommendations

  • Patch AGL components promptly. Integrators and OEMs using AGL must track and apply upstream security patches to core packages like libblockdev and udisks2. Failure to do so could leave vehicles open to LPE attacks even in production environments.
  • Harden Polkit policies. Restrict udisks2 permissions to administrative users only. Modify Polkit rules to require explicit admin authentication for mounting devices or modifying file systems.
  • Audit SDV update pipelines. Ensure that incoming file system images or software packages are validated, scanned, and sandboxed. Avoid mounting images without nosuid,nodev options unless absolutely necessary.
  • Secure developer and maintenance interfaces. Limit physical access to debug ports and console interfaces in both development and production vehicles. Implement role-based access control where feasible.
  • Leverage VSOCs for threat intelligence. Use tools to correlate events across vehicles, allowing the vehicle security operations center (VSOC) to detect coordinated attack attempts and assess potential exposure across fleet software baselines.
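The technical overview and the "Audit SDV update pipelines" bullet both come down to one check: any file system that came from outside the trusted root image (removable media, loop-mounted OTA payloads, staging directories) must carry nosuid and nodev. The auditor below is an added example, not code from the original post or from the AGL project; it parses `/proc/self/mounts` text (constructed sample included), and the prefixes under `UNTRUSTED_PREFIXES` and the device-name pattern are assumptions about where a hypothetical AGL build lands removable media and OTA images.

```python
import re
from typing import Dict, List

REQUIRED_OPTIONS = ("nosuid", "nodev")

# Assumption for this example: mount points where udisks2 places removable
# media and where an OTA stage would loop-mount images on a hypothetical AGL build.
UNTRUSTED_PREFIXES = ("/run/media/", "/media/", "/tmp/", "/var/lib/ota/")
UNTRUSTED_DEVICE_RE = re.compile(r"^/dev/(loop\d+|sd[a-z]+\d*)$")

# Constructed /proc/self/mounts content, not taken from a real vehicle.
SAMPLE_MOUNTS = """\
/dev/root / ext4 rw,relatime 0 0
/dev/mmcblk0p1 /boot vfat rw,nosuid,nodev,relatime 0 0
/dev/sdb1 /run/media/agl/MAINT xfs rw,relatime,attr2,inode64 0 0
/dev/loop3 /var/lib/ota/assets xfs ro,nosuid,nodev,relatime 0 0
/dev/loop4 /tmp/ota-stage xfs rw,relatime 0 0
"""


def _unescape(field: str) -> str:
    # /proc/self/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text: str) -> List[Dict[str, str]]:
    """Parse the first four fields (device, mountpoint, fstype, options) of each mount line."""
    entries: List[Dict[str, str]] = []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) < 4:
            continue
        dev, mnt, fstype, opts = (_unescape(p) for p in parts[:4])
        entries.append({"device": dev, "mountpoint": mnt, "fstype": fstype, "options": opts})
    return entries


def missing_options(options: str) -> List[str]:
    """Return the required hardening options absent from a mount's option string."""
    present = set(options.split(","))
    return sorted(o for o in REQUIRED_OPTIONS if o not in present)


def is_hardened(options: str) -> bool:
    return not missing_options(options)


def is_untrusted(entry: Dict[str, str]) -> bool:
    """Foreign media: either mounted under a media/staging prefix or backed by a loop/sd device."""
    return (entry["mountpoint"].startswith(UNTRUSTED_PREFIXES)
            or bool(UNTRUSTED_DEVICE_RE.match(entry["device"])))


def audit(text: str) -> List[Dict[str, object]]:
    """List every untrusted mount that lacks nosuid and/or nodev, with the missing options."""
    findings: List[Dict[str, object]] = []
    for entry in parse_mounts(text):
        if not is_untrusted(entry):
            continue
        missing = missing_options(entry["options"])
        if missing:
            findings.append({**entry, "missing": missing})
    return findings


def audit_live() -> List[Dict[str, object]]:
    """Run the audit against the calling process's real mount table."""
    with open("/proc/self/mounts", encoding="utf-8") as fh:
        return audit(fh.read())


if __name__ == "__main__":
    for finding in audit(SAMPLE_MOUNTS):
        print(f"{finding['device']} on {finding['mountpoint']} ({finding['fstype']}) "
              f"is missing {','.join(finding['missing'])}")
```

On the constructed table the USB stick at /run/media/agl/MAINT and the loop-mounted staging image at /tmp/ota-stage are reported, while the OTA asset volume mounted ro,nosuid,nodev passes; running `audit_live()` from a periodic job or an IDS plug-in gives the same result for a real system, and the `missing` list tells the integrator exactly which option the mount rule or udisks2 policy needs to add.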

Threat matrix (Auto-ISAC ATM mapping)

| Tactic | Technique name | ATM ID | Description |
| --- | --- | --- | --- |
| Initial Access | Exploit via removable media | ATM-T0013 | Attacker inserts USB flash drive with malicious XFS image. |
| Initial Access | Exploit via software supply chain | ATM-T0012 | Malicious volume is included in compromised OTA update or build artifact. |
| Execution | Execution via removable media | ATM-T0008 | Malicious shell is executed from the mounted USB file system. |
| Privilege Escalation | Exploit privilege escalation vulnerability | ATM-T0004 | udisks2 + Polkit combo is exploited to elevate privileges. |
| Defense Evasion | Disable or modify security software | ATM-T0024 | Security monitoring (e.g., xCarbon) or logging services are disabled. |
| Persistence | Install rootkit or backdoor | ATM-T0018 | Attacker installs a persistence mechanism post-compromise. |
| Lateral Movement | Exploit internal network | ATM-T0017 | Compromised ECU attempts to scan or move laterally via CAN/Ethernet. |
| Impact | Modify vehicle software | ATM-T0015 | Attacker modifies system config or packages, potentially impacting functions. |

Conclusion

CVE-2025-6019 is more than just another Linux privilege escalation — it is a stark reminder that SDVs are essentially rolling computers. As the automotive industry embraces more open-source and Linux-based stacks, vulnerabilities in core Linux services will increasingly impact the entire vehicle lifecycle, from development through deployment.

OEMs, Tier 1 suppliers, and platform providers must treat in-vehicle Linux systems with the same diligence as enterprise servers. This means timely patching, proper privilege separation, and rigorous supply chain security.

VicOne continues to monitor automotive-related CVEs and urges all stakeholders to stay ahead of these evolving threats.
