CVE-2021-4034

high

Description

CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

References

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

https://bugzilla.redhat.com/show_bug.cgi?id=2025869

https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683

http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html

http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html

https://www.suse.com/support/kb/doc/?id=000020564

https://www.oracle.com/security-alerts/cpuapr2022.html

https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf

https://www.starwindsoftware.com/security/sw-20220818-0001/

https://access.redhat.com/errata/RHSA-2022:0268

https://access.redhat.com/errata/RHSA-2022:0269

https://access.redhat.com/errata/RHSA-2022:0266

https://access.redhat.com/errata/RHSA-2022:0267

https://access.redhat.com/errata/RHSA-2022:0443

https://access.redhat.com/errata/RHSA-2022:0265

https://access.redhat.com/errata/RHSA-2022:0540

https://access.redhat.com/errata/RHSA-2022:0273

https://access.redhat.com/errata/RHSA-2022:0274

https://access.redhat.com/errata/RHSA-2022:0271

https://access.redhat.com/errata/RHSA-2022:0272

https://access.redhat.com/errata/RHSA-2022:0270

https://access.redhat.com/security/cve/CVE-2021-4034

Details

Source: MITRE

Published: 2022-01-28

Updated: 2023-02-02

Type: CWE-787

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH