Pam Config
Monthly
Local privilege escalation in SUSE Linux Enterprise 15 / openSUSE Leap pam-config (PAM) lets an unprivileged local user - including one logged in remotely over SSH - be incorrectly treated as a physically present "allow_active" console user. By gaining that session status, the attacker can invoke Polkit actions normally gated to active console sessions, and publicly available exploit code (Qualys) chains this with the udisks flaw CVE-2025-6019 to reach full root. There is no public evidence of active exploitation (not in CISA KEV), but working POC exploit code exists.
Local privilege escalation in SUSE Linux Enterprise 15 / openSUSE Leap pam-config (PAM) lets an unprivileged local user - including one logged in remotely over SSH - be incorrectly treated as a physically present "allow_active" console user. By gaining that session status, the attacker can invoke Polkit actions normally gated to active console sessions, and publicly available exploit code (Qualys) chains this with the udisks flaw CVE-2025-6019 to reach full root. There is no public evidence of active exploitation (not in CISA KEV), but working POC exploit code exists.