
Vulnerability Alert - Pkexec (PwnKit)

TYPE: Vulnerabilities
SYSTEMS AFFECTED: All pkexec versions
ECOSYSTEM: Linux
Description

A local privilege escalation/memory corruption vulnerability (CVE-2021-4034) was discovered in polkit's pkexec, which can be found in Linux distributions as well as other Unix-like operating systems.
It is important to note that pkexec has been vulnerable since its creation, so all versions need to be updated.
Qualys has published extensive technical details about this vulnerability; see [1] and [2].

Impact

An unprivileged local user can exploit this vulnerability to obtain full root privileges. This vulnerability is not remotely exploitable.

Resolution

Applying the patches is recommended.

References

[1] https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

[2] https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

[3] https://www.securityweek.com/polkit-vulnerability-provides-root-privileges-linux-systems 

Last updated on 07-09-2022