Skip to content

OSG-SEC-2022-01-26 CRITICAL local privilege escalation in polkit's pkexec

Dear OSG Security Contacts,

A local privilege escalation in polkit's [1] pkexec has been discovered [2]. Polkit's pkexec is a setuid root program that's installed by default on every major Linux distribution. Exploitation of this vulnerability allows an unprivileged user to elevate their privileges to root on the system [3]. Due to the widespread nature and the ease of exploitability, the OSG security team has categorized this as a CRITICAL severity vulnerability.

IMPACTED VERSIONS:

All major Linux distributions [4][5][6].

WHAT ARE THE VULNERABILITIES:

Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems.

  • any unprivileged local user can exploit this vulnerability to obtain full root privileges;

  • although this vulnerability is technically a memory corruption, it is exploitable instantly, reliably, in an architecture-independent way;

  • and it is exploitable even if the polkit daemon itself is not running.

WHAT YOU SHOULD DO:

Update to a patched version of polkit when available for your distribution [4][5][6].

MITIGATIONS

If no patches are available for your operating system, you can remove the setuid bit from the pkexec executable as a temporary mitigation with the following command:

chmod 0755 /usr/bin/pkexec

REFERENCES

[1] https://www.freedesktop.org/software/polkit/docs/latest/

[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034

[3] https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

[4] https://security-tracker.debian.org/tracker/CVE-2021-4034

[5] https://ubuntu.com/security/notices/USN-5252-1

[6] https://access.redhat.com/security/cve/CVE-2021-4034

Please contact the OSG security team at [email protected] if you have any questions or concerns.

OSG Security Team