Polkit
wikipedia:Polkit Authorization Framework
https://linux.die.net/man/8/polkit
pkexec
command included inpolicykit-1
package- PwnKit (CVE-2021-4034), CVSS: High severity
Vulnerability[edit]
A memory corruption vulnerability PwnKit (CVE-2021-4034[1]) discovered in the pkexec command (installed on all major Linux distributions) was announced on January 25, 2022.[2][3] The vulnerability dates back to the original distribution from 2009. The vulnerability received a CVSS score of 7.8 ("High severity") reflecting serious factors involved in a possible exploit: unprivileged users can gain full root privileges, regardless of the underlying machine architecture or whether the polkit daemon is running or not.
Related[edit]
See also[edit]
Advertising: