Are TAS/TPCF, Ops Manager and other Tanzu Tiles vulnerable to CVE-2025-6018 and CVE-2025-6019?

Article ID: 402412

Products

VMware Tanzu Application Service

Issue/Introduction

This KB discusses how to check whether TAS, Ops Manager and stemcells are affected by CVE-2025-6018 and CVE-2025-6019.

Resolution

TAS/TPCF, Ops Manager and stemcells are not impacted by these CVEs, since we do not install either of the affected packages described on Ubuntu's page about these two CVEs (CVE-2025-6018 and CVE-2025-6019).

This can be checked using `apt list`, as suggested in the "How to check if you are impacted" section of the Ubuntu page below, or by running `dpkg -l`:
https://ubuntu.com/blog/udisks-libblockdev-lpe-vulnerability-fixes-available

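Here is a sample output of the commands run. The `dpkg -l` filter uses `grep -E` so that `|` is treated as alternation; neither command prints a matching package line, which means neither package is installed:

```
root@ip-##-#-#-###:/home/ubuntu# apt list --installed | grep "^\(udisks2\|libblockdev\)"

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

root@ip-##-#-#-###:/home/ubuntu# dpkg -l | grep -E "udisks2|libblockdev"
```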

Here is a sample script that checks every VM in every deployment for udisks2 or libblockdev:

```bash
#!/bin/bash
# Configuration
BOSH_ENVIRONMENT="your bosh env"

# Function to SSH into a specific VM and check for the libraries
ssh_to_vm_and_check() {
  local deployment="$1"
  local vm_id="$2"
  echo "SSHing into $vm_id ($deployment)..."
  # grep -E makes "|" mean "or"; print an explicit result when nothing matches
  bosh -e "$BOSH_ENVIRONMENT" -d "$deployment" ssh "$vm_id" \
    -c "sudo dpkg -l | grep -E 'udisks2|libblockdev' || echo 'udisks2/libblockdev not installed'"
}

# Iterate over every deployment in the BOSH environment
for BOSH_DEPLOYMENT in $(bosh -e "$BOSH_ENVIRONMENT" deployments --column=name); do
  # Get the list of VMs on the deployment
  vms=$(bosh -e "$BOSH_ENVIRONMENT" -d "$BOSH_DEPLOYMENT" vms --json | jq -r '.Tables[0].Rows[].instance')

  # Iterate through the VMs, SSH into each one and run the check
  for vm in $vms; do
    ssh_to_vm_and_check "$BOSH_DEPLOYMENT" "$vm"
  done
done
```
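A stricter version of the `dpkg -l` check, as an added example that is not part of the original KB: it matches only the package-name column and separates fully installed (`ii`) packages from leftovers such as `rc` (removed, config files remain). The function names, the `example-storage-tool` package and the version strings are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the KB). Function names and sample data are constructed.

# Reads `dpkg -l` output on stdin, prints one line per udisks2/libblockdev*
# package, and returns 0 only if at least one is fully installed (state "ii").
affected_packages() {
  awk '
    # Keep data rows only: desired-state letter + status letter (+ optional R).
    $1 ~ /^[uihrp][ncHUFWti]R?$/ && NF >= 3 {
      name = $2
      sub(/:.*/, "", name)            # drop an arch suffix such as ":amd64"
      # Match the package-name column, never the free-text description.
      if (name ~ /^(udisks2|libblockdev)/) {
        if ($1 == "ii") { found = 1; print "INSTALLED", name, $3 }
        else            { print "NOT-INSTALLED(" $1 ")", name, $3 }
      }
    }
    END { exit found ? 0 : 1 }
  '
}

# Constructed listing: a decoy whose description mentions the names, a removed
# udisks2 with leftover config (rc), and an installed libblockdev2.
sample_dpkg_output() {
  cat <<'EOF'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                 Version      Architecture Description
+++-====================-============-============-==============================
ii  example-storage-tool 1.0-0sample  amd64        mentions udisks2|libblockdev in text
rc  udisks2              2.0-0sample  amd64        constructed sample row
ii  libblockdev2:amd64   2.0-0sample  amd64        constructed sample row
EOF
}

# Demo run against the constructed listing.
sample_dpkg_output | affected_packages && echo "=> affected package installed"
```

On the same listing, `grep "udisks2|libblockdev"` without `-E` matches only the decoy row, because a bare `|` is a literal character in basic regular expressions.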