CVE-2015-3255 — Project Polkit vulnerability

CWE-26410 documents8 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 71.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Polkit Project Polkit

Timeline

PublishedOct 26

Latest updateMay 14

Description

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDpolkit_project/polkit0.112

🔴Vulnerability Details

GHSA

GHSA-3hwj-36x6-3356: The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool↗2022-05-14

▶

OSV

policykit-1 vulnerabilities↗2018-07-16

▶

OSV

CVE-2015-3255: The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool↗2015-10-26

▶

CVEList

CVE-2015-3255: The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool↗2015-10-26

▶

📋Vendor Advisories

Ubuntu

PolicyKit vulnerabilities↗2018-07-17

▶

Ubuntu

PolicyKit vulnerabilities↗2018-07-16

▶

Debian

CVE-2015-3255: policykit-1 - The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactio...↗2015

▶

Red Hat

polkit: Heap-corruption on duplicate ids↗2014-09-07

▶

💬Community

Bugzilla

CVE-2015-3255 polkit: Heap-corruption on duplicate ids↗2015-07-22

▶