⚠ Actively exploited
Added to CISA KEV on 2022-06-27. Federal agencies required to patch by 2022-07-18. Required action: Apply updates per vendor instructions.
Severity: 7.8 HIGH
EPSS: 87.8% (top 0.53%)
CISA KEV: Added 2022-06-27, due 2022-07-18
Exploit: Exploited in wild (active exploitation observed)
Timeline:
Published: Jan 28
KEV added: Jun 27
KEV due: Jul 18
Latest update: Oct 3

Description

A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that pkexec is induced to execute arbitrary code. When

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (20 packages)

CVEListV5: polkit (all)
CVEListV5: linux/linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 41f6ea5b9aaa28b740d47ffe995a5013211fdbb0 (+9)

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 20.04, 21.10, Enterprise Linux 8.0, 8.2, 7.0, 8.4, 8.1, 7.3, 7.4, 7.6, 7.7

Patches

🔴 Vulnerability Details

5
Kernel
exec: Force single empty string when argv is empty (2022-01-31)
GHSA
GHSA-qgr2-xgqv-24x8: A local privilege escalation vulnerability was found on polkit's pkexec utility (2022-01-29)
CVEList
CVE-2021-4034: A local privilege escalation vulnerability was found on polkit's pkexec utility (2022-01-28)
OSV
CVE-2021-4034: A local privilege escalation vulnerability was found on polkit's pkexec utility (2022-01-28)
VulnCheck
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability (2021)

💥 Exploits & PoCs

1
Exploit-DB
PolicyKit-1 0.105-31 - Privilege Escalation (2022-01-27)

🔍 Detection Rules

2
YARA
Linux_Exploit_CVE_2021_4034_1c8f235d
Elastic
Potential Privilege Escalation via PKEXEC

📋 Vendor Advisories

7
Oracle
Oracle Oracle Communications Risk Matrix: Platform (Polkit) — CVE-2021-4034 (2022-10-15)
CISA
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability (2022-06-27)
Ubuntu
PolicyKit vulnerability (2022-01-25)
Ubuntu
PolicyKit vulnerability (2022-01-25)
Red Hat
polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (2022-01-25)

🕵️ Threat Intelligence

9
Bleepingcomputer
Linux malware “perfctl” behind years-long cryptomining campaign (2024-10-03)
Trendmicro
Detecting PwnKit (CVE-2021-4034) Using Trend Micro™ Vision One™ and Cloud One™ (2022-02-11)

📄 Research Papers

1
CTF
pwnkit / README (2022)