
CVE-2021-4034

Known Exploited (CISA KEV)
Severity: HIGH
CVSS Severity Score: 7.8
EPSS Score: 96.9260%
EPSS Percentile: 92.40th
Published: January 28, 2022
Last Modified: November 6, 2025

Vulnerability Description

A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that they induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.

Affected Platforms (CPE)

Vendor | Product | Version

📦 Polkit Project | Polkit | < 121
📦 Redhat | Enterprise Linux Server Update Services For Sap Solutions | = 7.6
📦 Redhat | Enterprise Linux Server Update Services For Sap Solutions | = 7.7
💻 Redhat | Enterprise Linux | = 8.0
💻 Redhat | Enterprise Linux Desktop | = 7.0
💻 Redhat | Enterprise Linux Eus | = 8.2
💻 Redhat | Enterprise Linux For Ibm Z Systems | = 7.0
💻 Redhat | Enterprise Linux For Ibm Z Systems | = 8.0
💻 Redhat | Enterprise Linux For Ibm Z Systems Eus | = 8.2
💻 Redhat | Enterprise Linux For Ibm Z Systems Eus | = 8.4
💻 Redhat | Enterprise Linux For Power Big Endian | = 7.0
💻 Redhat | Enterprise Linux For Power Little Endian | = 7.0
💻 Redhat | Enterprise Linux For Power Little Endian | = 8.0
💻 Redhat | Enterprise Linux For Power Little Endian Eus | = 8.1
💻 Redhat | Enterprise Linux For Power Little Endian Eus | = 8.2
💻 Redhat | Enterprise Linux For Power Little Endian Eus | = 8.4
💻 Redhat | Enterprise Linux For Scientific Computing | = 7.0
💻 Redhat | Enterprise Linux Server | = 6.0
💻 Redhat | Enterprise Linux Server | = 7.0
💻 Redhat | Enterprise Linux Server Aus | = 7.3
💻 Redhat | Enterprise Linux Server Aus | = 7.4
💻 Redhat | Enterprise Linux Server Aus | = 7.6
💻 Redhat | Enterprise Linux Server Aus | = 7.7
💻 Redhat | Enterprise Linux Server Aus | = 8.2
💻 Redhat | Enterprise Linux Server Aus | = 8.4
💻 Redhat | Enterprise Linux Server Eus | = 8.4
💻 Redhat | Enterprise Linux Server Tus | = 7.6
💻 Redhat | Enterprise Linux Server Tus | = 7.7
💻 Redhat | Enterprise Linux Server Tus | = 8.2
💻 Redhat | Enterprise Linux Server Tus | = 8.4
💻 Redhat | Enterprise Linux Server Update Services For Sap Solutions | = 8.1
💻 Redhat | Enterprise Linux Server Update Services For Sap Solutions | = 8.2
💻 Redhat | Enterprise Linux Server Update Services For Sap Solutions | = 8.4
💻 Redhat | Enterprise Linux Workstation | = 7.0
💻 Canonical | Ubuntu Linux | = 14.04
💻 Canonical | Ubuntu Linux | = 16.04
💻 Canonical | Ubuntu Linux | = 18.04
💻 Canonical | Ubuntu Linux | = 20.04
💻 Canonical | Ubuntu Linux | = 21.10
📦 Suse | Enterprise Storage | = 7.0
📦 Suse | Linux Enterprise High Performance Computing | = 15.0
📦 Suse | Manager Proxy | = 4.1
📦 Suse | Manager Server | = 4.1
💻 Suse | Linux Enterprise Desktop | = 15
💻 Suse | Linux Enterprise Server | = 15
💻 Suse | Linux Enterprise Server | = 15
💻 Suse | Linux Enterprise Workstation Extension | = 12
📦 Oracle | Http Server | = 12.2.1.3.0
📦 Oracle | Http Server | = 12.2.1.4.0
📦 Oracle | Zfs Storage Appliance Kit | = 8.8
📦 Siemens | Sinumerik Edge | < 3.3.0
💻 Siemens | Scalance Lpe9403 Firmware | < 2.0
📦 Starwindsoftware | Command Center | = 1.0
📦 Starwindsoftware | Starwind Virtual San | = v8
