Friday, January 28, 2022

PwnKit: Local Privilege Escalation Bug in Major Linux Distros

Most Linux distributions ship the pkexec binary, and the vulnerability (CVE-2021-4034) lies in that binary.


Date: January 28th, 2022

CVE(s): CVE-2021-4034

Affected Product(s): Majority of Linux Distros

Severity: Critical


A critical memory corruption vulnerability has been discovered in polkit’s pkexec. pkexec is part of the Polkit open-source application framework, which is used for interaction between privileged and unprivileged processes.


The flaw has existed for about 12 years, since version 0.113 of the pkexec component was released. Almost all popular Linux distros are affected, including RHEL, Fedora, Debian, and CentOS, as are many less popular distros and the unstable versions of those distros.


Successful exploitation of this vulnerability could allow any non-privileged user to gain root access. We strongly recommend patching this vulnerability.

For further reading, refer to our blog and learn about the impact.

 

SanerNow security content has been published to detect and mitigate this vulnerability in your IT environment. Please prioritize rolling out the patch on the affected systems. We strongly recommend applying the security update following the instructions published in our support article.
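For hosts triaged by hand, the following is an added example, not SecPod's tooling or part of the original advisory: it records where pkexec is installed, whether it carries the setuid bit, and which polkit package version is present. The candidate paths and the package names (`policykit-1`, `polkitd`, `pkexec`, `polkit`) are assumptions to adjust per distribution; pkexec is normally installed setuid-root, so the output is an inventory to compare against your distribution's advisory, not a verdict on patch status.

```shell
#!/bin/sh
# Added example: inventory pkexec for CVE-2021-4034 triage.

# classify_pkexec FILE -> absent | setuid-root | setuid-other | no-setuid
classify_pkexec() {
    f=$1
    [ -f "$f" ] || { echo absent; return 0; }
    if [ -u "$f" ]; then                            # -u: setuid bit is set
        owner=$(ls -lnL "$f" | awk '{print $3}')    # numeric owner uid
        if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-other; fi
    else
        echo no-setuid
    fi
}

# polkit_packages -> installed polkit package names and versions, to compare
# with the fixed version listed in your distribution's advisory.
# Package names below are assumptions and differ between distributions.
polkit_packages() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package} ${Version}\n' \
            policykit-1 polkitd pkexec 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q polkit 2>/dev/null || true
    fi
}

# audit_pkexec [FILE...] -> one "state path" line per candidate that exists.
# Default candidate paths are assumptions.
audit_pkexec() {
    [ $# -gt 0 ] || set -- /usr/bin/pkexec /usr/local/bin/pkexec
    for p in "$@"; do
        state=$(classify_pkexec "$p")
        [ "$state" = absent ] || echo "$state $p"
    done
}

audit_pkexec
polkit_packages
```
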


Stay Alert and Secure!

Team SecPod
