For people like me who didn’t know what this was:
Stremio offers a secure, modern and seamless entertainment experience. With its easy-to-use interface and diverse content library, including 4K HDR support, users can enjoy their favorite movies and TV shows across all their devices. And with its commitment to security, Stremio is the ultimate choice for a worry-free, high-quality streaming experience.
edit: honestly, that’s a shitty description. This one seems a bit better:
Stremio is a modern media center that gives you the freedom to watch everything you want.
I dunno, I’d slow your roll on that. Hanlon’s razor came to notoriety in the field of computer science for a reason. I’ve done software dev professionally for over ten years now and you wouldn’t believe the stupid shit I’ve seen people write. The only thing that sucks more than a computer is the human writing software for it.
For those unfamiliar, here’s Hanlon’s razor:
EDIT: After a quick look at the CVEs, this definitely sounds like a big ol’ fuckup. It sounds like there might be some unsafe defaults in polkit as well?
EDIT: Here’s the report from the actual researchers which is MUCH more cogent than OP’s article: https://www.openwall.com/lists/oss-security/2025/06/17/4
It’s chaining two separate oopsies together. This overview on GitHub also provides more details about the libblockdev side of things: https://github.com/advisories/GHSA-mpgj-hch9-5rvx
Specifically, this section:
That really doesn’t sound like something intentional to me. That sounds like a HUGE oopsy-woopsy fucky-wucky, to get technical about it.