CVE-2021-4115
published 2022-02-21CVE-2021-4115: There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | policykit-1 | < policykit-1 0.105-32 (bookworm) | policykit-1 0.105-32 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| oracle | zfs_storage_appliance_kit | — | — |
| polkit_project | polkit | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM