CVE-2021-3560

Known Exploited (CISA KEV)
Severity: HIGH
CVSS Severity Score: 7.8
EPSS Score: 42.5550%
EPSS Percentile: 98.95th
Published: Feb 16, 2022
Last Modified: Nov 6, 2025

Vulnerability Description

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected Platforms (CPE)

Vendor | Product | Version
Polkit Project | Polkit | < 0.119
Debian | Debian Linux | = 11.0
Canonical | Ubuntu Linux | = 20.04
Redhat | Virtualization | = 4.0
Redhat | Virtualization Host | = 4.0
Redhat | Openshift Container Platform | = 4.7
