It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

| Software | From | Fixed in |
|---|---|---|
| polkit_project / polkit | - | 0.119 |
| debian / debian_linux | 11.0 | 11.0.x |
| canonical / ubuntu_linux | 20.04 | 20.04.x |
| redhat / virtualization | 4.0 | 4.0.x |
| redhat / virtualization_host | 4.0 | 4.0.x |
| redhat / openshift_container_platform | 4.7 | 4.7.x |