CVE-2021-3560

Published: 3 June 2021

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Notes

| Author | Note |
|---|---|
| mdeslaur | commit introducing issue was backported to policykit-1 version in Ubuntu in focal+ |

Priority

High

CVSS 3 base score: 7.8

Status

Package: policykit-1 (Launchpad, Ubuntu, Debian)

| Release | Status |
|---|---|
| bionic | Not vulnerable (code not present) |
| focal | Released (0.105-26ubuntu1.1) |
| groovy | Released (0.105-29ubuntu0.1) |
| hirsute | Released (0.105-30ubuntu0.1) |
| impish | Released (0.105-31) |
| jammy | Released (0.105-31) |
| trusty | Not vulnerable (code not present) |
| upstream | Needs triage |
| xenial | Not vulnerable (code not present) |