Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-4034 (GCVE-0-2021-4034)
Vulnerability from cvelistv5 – Published: 2022-01-28 00:00 – Updated: 2025-10-21 23:15
VLAI
EPSS
CISA KEV
Summary
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Severity
7.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - (CWE-787|CWE-125)
Assigner
References
13 references
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 518ac670-b61f-4ca6-97e4-1e8262566fc6
Exploited: Yes
Timestamps
First Seen: 2022-06-27
Asserted: 2022-06-27
Scope
Notes: KEV entry: Red Hat Polkit Out-of-Bounds Read and Write Vulnerability | Affected: Red Hat / Polkit | Description: The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-4034
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-787 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Polkit |
| Due Date | 2022-07-18 |
| Date Added | 2022-06-27 |
| Vendorproject | Red Hat |
| Vulnerabilityname | Red Hat Polkit Out-of-Bounds Read and Write Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 12:27 UTC
| Updated: 2026-02-06 07:17 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-23T18:05:54.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000020564"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-4034",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-12T10:21:57.857346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-06-27",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:48.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-06-27T00:00:00.000Z",
"value": "CVE-2021-4034 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "polkit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "(CWE-787|CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T00:16:44.133Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
},
{
"url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
},
{
"url": "https://www.suse.com/support/kb/doc/?id=000020564"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
},
{
"url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4034",
"datePublished": "2022-01-28T00:00:00.000Z",
"dateReserved": "2021-11-29T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:48.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2021-4034",
"cwes": "[\"CWE-787\"]",
"dateAdded": "2022-06-27",
"dueDate": "2022-07-18",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034",
"product": "Polkit",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.",
"vendorProject": "Red Hat",
"vulnerabilityName": "Red Hat Polkit Out-of-Bounds Read and Write Vulnerability"
},
"epss": {
"cve": "CVE-2021-4034",
"date": "2026-06-10",
"epss": "0.87351",
"percentile": "0.99474"
},
"fkie_nvd": {
"cisaActionDue": "2022-07-18",
"cisaExploitAdd": "2022-06-27",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Red Hat Polkit Out-of-Bounds Read and Write Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"121\", \"matchCriteriaId\": \"F01D94C9-1E04-413B-8636-1AAC6D9E84D6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB70A2F8-EAB3-4898-9353-F679FF721C82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB3AC848-C2D0-4878-8619-F5815173555D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"831F0F47-3565-4763-B16F-C87B1FF2035E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"566507B6-AC95-47F7-A3FB-C6F414E45F51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87C21FE1-EA5C-498F-9C6C-D05F91A88217\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AB105EC-19F9-424A-86F1-305A6FD74A9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CDCFF34-6F1D-45A1-BE37-6A0E17B04801\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47811209-5CE5-4375-8391-B0A7F6A0E420\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EB6F417-25D0-4A28-B7BA-D21929EAA9E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"983533DD-3970-4A37-9A9C-582BD48AA1E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37CE1DC7-72C5-483C-8921-0B462C8284D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98381E61-F082-4302-B51F-5648884F998B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D99A687E-EAE6-417E-A88E-D0082BC194CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B353CE99-D57C-465B-AAB0-73EF581127D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7431ABC1-9252-419E-8CC1-311B41360078\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6897676D-53F9-45B3-B27F-7FF9A4C58D33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E28F226A-CBC7-4A32-BE58-398FA5B42481\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61917784-47F1-4328-BA1F-A88C5E23496B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B09ACF2D-D83F-4A86-8185-9569605D8EE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC10D919-57FD-4725-B8D2-39ECB476902F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48C2E003-A71C-4D06-B8B3-F93160568182\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3921C1CF-A16D-4727-99AD-03EFFA7C91CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC6DD887-9744-43EA-8B3C-44C6B6339590\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"815D70A8-47D3-459C-A32C-9FEACA0659D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"902B8056-9E37-443B-8905-8AA93E2447FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAE4D2D0-CEEB-416F-8BC5-A7987DF56190\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7305944-AC9C-47A3-AADF-71A8B24830D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*\", \"matchCriteriaId\": \"CDFEA8DC-7D78-4ACD-A95C-9408F45EEAE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9910C73A-3BCD-4F56-8C7D-79CB289640A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5810E98-7BF5-42E2-9DE9-661049ABE367\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C4F62C0-4188-433A-8292-559025CA23C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*\", \"matchCriteriaId\": \"07D416C5-4A0F-4EF3-A3DE-A028AAA4F739\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*\", \"matchCriteriaId\": \"F6C1736B-0505-4C19-98B7-90C8359F3BCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*\", \"matchCriteriaId\": \"243B9B56-C744-4C1C-B42E-158C1B041B6A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD04BEE5-E9A8-4584-A68C-0195CE9C402C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.3.0\", \"matchCriteriaId\": \"D069EA07-88A5-4058-A2BC-44F94D9ACC9A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0\", \"matchCriteriaId\": \"9FC41AD4-69E5-48D8-8216-671F485C3C40\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52A77C9D-E59C-4397-B834-797D7B334A6B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*\", \"matchCriteriaId\": \"B323EF31-7A67-4458-8323-86F8AA58268C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*\", \"matchCriteriaId\": \"14AF427F-BC75-40C7-9579-34A74E2E475D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una vulnerabilidad de escalada de privilegios local en la utilidad pkexec de polkit. La aplicaci\\u00f3n pkexec es una herramienta setuid dise\\u00f1ada para permitir a usuarios sin privilegios ejecutar comandos como usuarios privilegiados de acuerdo con pol\\u00edticas predefinidas. La versi\\u00f3n actual de pkexec no maneja correctamente el recuento de par\\u00e1metros de llamada y termina intentando ejecutar variables de entorno como comandos. Un atacante puede aprovechar esto creando variables de entorno de tal manera que induzcan a pkexec a ejecutar c\\u00f3digo arbitrario. Cuando se ejecuta con \\u00e9xito, el ataque puede provocar una escalada de privilegios locales otorgando a los usuarios sin privilegios derechos administrativos en la m\\u00e1quina de destino.\"}]",
"id": "CVE-2021-4034",
"lastModified": "2024-11-21T06:36:45.880",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-01-28T20:15:12.193",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/security/vulnerabilities/RHSB-2022-001\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2025869\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.starwindsoftware.com/security/sw-20220818-0001/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.suse.com/support/kb/doc/?id=000020564\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/security/vulnerabilities/RHSB-2022-001\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2025869\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.starwindsoftware.com/security/sw-20220818-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.suse.com/support/kb/doc/?id=000020564\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}, {\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-4034\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-01-28T20:15:12.193\",\"lastModified\":\"2025-11-06T14:50:26.470\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad de escalada de privilegios local en la utilidad pkexec de polkit. La aplicaci\u00f3n pkexec es una herramienta setuid dise\u00f1ada para permitir a usuarios sin privilegios ejecutar comandos como usuarios privilegiados de acuerdo con pol\u00edticas predefinidas. La versi\u00f3n actual de pkexec no maneja correctamente el recuento de par\u00e1metros de llamada y termina intentando ejecutar variables de entorno como comandos. Un atacante puede aprovechar esto creando variables de entorno de tal manera que induzcan a pkexec a ejecutar c\u00f3digo arbitrario. Cuando se ejecuta con \u00e9xito, el ataque puede provocar una escalada de privilegios locales otorgando a los usuarios sin privilegios derechos administrativos en la m\u00e1quina de destino.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-06-27\",\"cisaActionDue\":\"2022-07-18\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Red Hat Polkit Out-of-Bounds Read and Write Vulnerability\",\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"121\",\"matchCriteriaId\":\"F01D94C9-1E04-413B-8636-1AAC6D9E84D6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB70A2F8-EAB3-4898-9353-F679FF721C82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB3AC848-C2D0-4878-8619-F5815173555D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"831F0F47-3565-4763-B16F-C87B1FF2035E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"566507B6-AC95-47F7-A3FB-C6F414E45F51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87C21FE1-EA5C-498F-9C6C-D05F91A88217\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AB105EC-19F9-424A-86F1-305A6FD74A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CDCFF34-6F1D-45A1-BE37-6A0E17B04801\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47811209-5CE5-4375-8391-B0A7F6A0E420\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EB6F417-25D0-4A28-B7BA-D21929EAA9E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"983533DD-3970-4A37-9A9C-582BD48AA1E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37CE1DC7-72C5-483C-8921-0B462C8284D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98381E61-F082-4302-B51F-5648884F998B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99A687E-EAE6-417E-A88E-D0082BC194CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6897676D-53F9-45B3-B27F-7FF9A4C58D33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E28F226A-CBC7-4A32-BE58-398FA5B42481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61917784-47F1-4328-BA1F-A88C5E23496B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B09ACF2D-D83F-4A86-8185-9569605D8EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC10D919-57FD-4725-B8D2-39ECB476902F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48C2E003-A71C-4D06-B8B3-F93160568182\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3921C1CF-A16D-4727-99AD-03EFFA7C91CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC6DD887-9744-43EA-8B3C-44C6B6339590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"902B8056-9E37-443B-8905-8AA93E2447FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAE4D2D0-CEEB-416F-8BC5-A7987DF56190\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7305944-AC9C-47A3-AADF-71A8B24830D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*\",\"matchCriteriaId\":\"CDFEA8DC-7D78-4ACD-A95C-9408F45EEAE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9910C73A-3BCD-4F56-8C7D-79CB289640A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5810E98-7BF5-42E2-9DE9-661049ABE367\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C4F62C0-4188-433A-8292-559025CA23C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*\",\"matchCriteriaId\":\"07D416C5-4A0F-4EF3-A3DE-A028AAA4F739\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*\",\"matchCriteriaId\":\"F6C1736B-0505-4C19-98B7-90C8359F3BCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"243B9B56-C744-4C1C-B42E-158C1B041B6A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD04BEE5-E9A8-4584-A68C-0195CE9C402C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.3.0\",\"matchCriteriaId\":\"D069EA07-88A5-4058-A2BC-44F94D9ACC9A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"9FC41AD4-69E5-48D8-8216-671F485C3C40\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52A77C9D-E59C-4397-B834-797D7B334A6B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*\",\"matchCriteriaId\":\"B323EF31-7A67-4458-8323-86F8AA58268C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*\",\"matchCriteriaId\":\"14AF427F-BC75-40C7-9579-34A74E2E475D\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/security/vulnerabilities/RHSB-2022-001\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2025869\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.starwindsoftware.com/security/sw-20220818-0001/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.suse.com/support/kb/doc/?id=000020564\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/security/vulnerabilities/RHSB-2022-001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2025869\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.starwindsoftware.com/security/sw-20220818-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.suse.com/support/kb/doc/?id=000020564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034\"}, {\"url\": \"https://access.redhat.com/security/vulnerabilities/RHSB-2022-001\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2025869\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.suse.com/support/kb/doc/?id=000020564\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.starwindsoftware.com/security/sw-20220818-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/\", \"tags\": [\"x_transferred\"]}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-09-23T18:05:54.355Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-4034\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-12T10:21:57.857346Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-06-27\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-06-27T00:00:00.000Z\", \"value\": \"CVE-2021-4034 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-29T16:47:04.068Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"polkit\", \"versions\": [{\"status\": \"affected\", \"version\": \"all\"}]}], \"references\": [{\"url\": \"https://access.redhat.com/security/vulnerabilities/RHSB-2022-001\"}, {\"url\": \"https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2025869\"}, {\"url\": \"https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\"}, {\"url\": \"http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html\"}, {\"url\": \"http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html\"}, {\"url\": \"https://www.suse.com/support/kb/doc/?id=000020564\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf\"}, {\"url\": \"https://www.starwindsoftware.com/security/sw-20220818-0001/\"}, {\"url\": \"https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"(CWE-787|CWE-125)\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2023-10-18T00:16:44.133Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-4034\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:15:48.549Z\", \"dateReserved\": \"2021-11-29T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2022-01-28T00:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2022_0269
Vulnerability from csaf_redhat - Published: 2022-01-25 18:21 - Updated: 2024-11-15 10:45Summary
Red Hat Security Advisory: polkit security update
Severity
Important
Notes
Topic: An update for polkit is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
7.8 (High)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-ELS:polkit-0:0.96-11.el6_10.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-0:0.96-11.el6_10.2.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-0:0.96-11.el6_10.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-0:0.96-11.el6_10.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-0:0.96-11.el6_10.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-desktop-policy-0:0.96-11.el6_10.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
12 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for polkit is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.\n\nSecurity Fix(es):\n\n* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0269",
"url": "https://access.redhat.com/errata/RHSA-2022:0269"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0269.json"
}
],
"title": "Red Hat Security Advisory: polkit security update",
"tracking": {
"current_release_date": "2024-11-15T10:45:00+00:00",
"generator": {
"date": "2024-11-15T10:45:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0269",
"initial_release_date": "2022-01-25T18:21:43+00:00",
"revision_history": [
{
"date": "2022-01-25T18:21:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-01-25T18:21:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T10:45:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 6 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.96-11.el6_10.2.src",
"product": {
"name": "polkit-0:0.96-11.el6_10.2.src",
"product_id": "polkit-0:0.96-11.el6_10.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.96-11.el6_10.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.96-11.el6_10.2.s390",
"product": {
"name": "polkit-0:0.96-11.el6_10.2.s390",
"product_id": "polkit-0:0.96-11.el6_10.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.96-11.el6_10.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.96-11.el6_10.2.s390",
"product": {
"name": "polkit-devel-0:0.96-11.el6_10.2.s390",
"product_id": "polkit-devel-0:0.96-11.el6_10.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.96-11.el6_10.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.96-11.el6_10.2.s390",
"product": {
"name": "polkit-debuginfo-0:0.96-11.el6_10.2.s390",
"product_id": "polkit-debuginfo-0:0.96-11.el6_10.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.96-11.el6_10.2?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.96-11.el6_10.2.s390x",
"product": {
"name": "polkit-0:0.96-11.el6_10.2.s390x",
"product_id": "polkit-0:0.96-11.el6_10.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.96-11.el6_10.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.96-11.el6_10.2.s390x",
"product": {
"name": "polkit-devel-0:0.96-11.el6_10.2.s390x",
"product_id": "polkit-devel-0:0.96-11.el6_10.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.96-11.el6_10.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "polkit-docs-0:0.96-11.el6_10.2.s390x",
"product": {
"name": "polkit-docs-0:0.96-11.el6_10.2.s390x",
"product_id": "polkit-docs-0:0.96-11.el6_10.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-docs@0.96-11.el6_10.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.96-11.el6_10.2.s390x",
"product": {
"name": "polkit-debuginfo-0:0.96-11.el6_10.2.s390x",
"product_id": "polkit-debuginfo-0:0.96-11.el6_10.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.96-11.el6_10.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.96-11.el6_10.2.x86_64",
"product": {
"name": "polkit-0:0.96-11.el6_10.2.x86_64",
"product_id": "polkit-0:0.96-11.el6_10.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.96-11.el6_10.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.96-11.el6_10.2.x86_64",
"product": {
"name": "polkit-devel-0:0.96-11.el6_10.2.x86_64",
"product_id": "polkit-devel-0:0.96-11.el6_10.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.96-11.el6_10.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-docs-0:0.96-11.el6_10.2.x86_64",
"product": {
"name": "polkit-docs-0:0.96-11.el6_10.2.x86_64",
"product_id": "polkit-docs-0:0.96-11.el6_10.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-docs@0.96-11.el6_10.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.96-11.el6_10.2.x86_64",
"product": {
"name": "polkit-debuginfo-0:0.96-11.el6_10.2.x86_64",
"product_id": "polkit-debuginfo-0:0.96-11.el6_10.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.96-11.el6_10.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.96-11.el6_10.2.i686",
"product": {
"name": "polkit-0:0.96-11.el6_10.2.i686",
"product_id": "polkit-0:0.96-11.el6_10.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.96-11.el6_10.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.96-11.el6_10.2.i686",
"product": {
"name": "polkit-devel-0:0.96-11.el6_10.2.i686",
"product_id": "polkit-devel-0:0.96-11.el6_10.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.96-11.el6_10.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.96-11.el6_10.2.i686",
"product": {
"name": "polkit-debuginfo-0:0.96-11.el6_10.2.i686",
"product_id": "polkit-debuginfo-0:0.96-11.el6_10.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.96-11.el6_10.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-docs-0:0.96-11.el6_10.2.i686",
"product": {
"name": "polkit-docs-0:0.96-11.el6_10.2.i686",
"product_id": "polkit-docs-0:0.96-11.el6_10.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-docs@0.96-11.el6_10.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-desktop-policy-0:0.96-11.el6_10.2.noarch",
"product": {
"name": "polkit-desktop-policy-0:0.96-11.el6_10.2.noarch",
"product_id": "polkit-desktop-policy-0:0.96-11.el6_10.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-desktop-policy@0.96-11.el6_10.2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.96-11.el6_10.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-0:0.96-11.el6_10.2.i686"
},
"product_reference": "polkit-0:0.96-11.el6_10.2.i686",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.96-11.el6_10.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-0:0.96-11.el6_10.2.s390"
},
"product_reference": "polkit-0:0.96-11.el6_10.2.s390",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.96-11.el6_10.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-0:0.96-11.el6_10.2.s390x"
},
"product_reference": "polkit-0:0.96-11.el6_10.2.s390x",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.96-11.el6_10.2.src as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-0:0.96-11.el6_10.2.src"
},
"product_reference": "polkit-0:0.96-11.el6_10.2.src",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.96-11.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-0:0.96-11.el6_10.2.x86_64"
},
"product_reference": "polkit-0:0.96-11.el6_10.2.x86_64",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.96-11.el6_10.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.i686"
},
"product_reference": "polkit-debuginfo-0:0.96-11.el6_10.2.i686",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.96-11.el6_10.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.s390"
},
"product_reference": "polkit-debuginfo-0:0.96-11.el6_10.2.s390",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.96-11.el6_10.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.s390x"
},
"product_reference": "polkit-debuginfo-0:0.96-11.el6_10.2.s390x",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.96-11.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.96-11.el6_10.2.x86_64",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-desktop-policy-0:0.96-11.el6_10.2.noarch as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-desktop-policy-0:0.96-11.el6_10.2.noarch"
},
"product_reference": "polkit-desktop-policy-0:0.96-11.el6_10.2.noarch",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.96-11.el6_10.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.i686"
},
"product_reference": "polkit-devel-0:0.96-11.el6_10.2.i686",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.96-11.el6_10.2.s390 as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.s390"
},
"product_reference": "polkit-devel-0:0.96-11.el6_10.2.s390",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.96-11.el6_10.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.s390x"
},
"product_reference": "polkit-devel-0:0.96-11.el6_10.2.s390x",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.96-11.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.x86_64"
},
"product_reference": "polkit-devel-0:0.96-11.el6_10.2.x86_64",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.96-11.el6_10.2.i686 as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.i686"
},
"product_reference": "polkit-docs-0:0.96-11.el6_10.2.i686",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.96-11.el6_10.2.s390x as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.s390x"
},
"product_reference": "polkit-docs-0:0.96-11.el6_10.2.s390x",
"relates_to_product_reference": "6Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.96-11.el6_10.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6 ELS)",
"product_id": "6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.x86_64"
},
"product_reference": "polkit-docs-0:0.96-11.el6_10.2.x86_64",
"relates_to_product_reference": "6Server-ELS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2021-4034",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2025869"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-ELS:polkit-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.s390",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.src",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.x86_64",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.s390",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.x86_64",
"6Server-ELS:polkit-desktop-policy-0:0.96-11.el6_10.2.noarch",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.s390",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.x86_64",
"6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4034"
},
{
"category": "external",
"summary": "RHBZ#2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "external",
"summary": "RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034"
},
{
"category": "external",
"summary": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-01-25T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-25T18:21:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-ELS:polkit-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.s390",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.src",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.x86_64",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.s390",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.x86_64",
"6Server-ELS:polkit-desktop-policy-0:0.96-11.el6_10.2.noarch",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.s390",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.x86_64",
"6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0269"
},
{
"category": "workaround",
"details": "For customers who cannot update immediately and doesn\u0027t have Secure Boot feature enabled, the issue can be mitigated by executing the following steps:\n\n1) Install required systemtap packages and dependencies as per - pointed by https://access.redhat.com/solutions/5441\n\n2) Install polkit debug info:\n ~~~\n debuginfo-install polkit\n ~~~\n\n3) Create the following systemtap script, and name it pkexec-block.stp:\n ~~~\n probe process(\"/usr/bin/pkexec\").function(\"main\") {\n if (cmdline_arg(1) == \"\")\n raise(9);\n}\n~~~\n\n4) Load the systemtap module into the running kernel:\n ~~~\n stap -g -F -m stap_pkexec_block pkexec_block.stp\n ~~~\n\n5) Ensure the module is loaded:\n ~~~\n lsmod | grep -i stap_pkexec_block\nstap_pkexec_block 434176 0\n~~~\n\n6) Once polkit package was updated to the version containing the fix, the systemtap generated kernel module can be removed by running:\n ~~~\n rmmod stap_pkexec_block\n ~~~\n\nThis mitigation doesn\u0027t work for Secure Boot enabled system as SystemTap would require an external compiling server to be able to sign the generated kernel module\nwith a key enrolled into the Kernel\u0027s keyring.",
"product_ids": [
"6Server-ELS:polkit-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.s390",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.src",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.x86_64",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.s390",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.x86_64",
"6Server-ELS:polkit-desktop-policy-0:0.96-11.el6_10.2.noarch",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.s390",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.x86_64",
"6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"6Server-ELS:polkit-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.s390",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.src",
"6Server-ELS:polkit-0:0.96-11.el6_10.2.x86_64",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.s390",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-debuginfo-0:0.96-11.el6_10.2.x86_64",
"6Server-ELS:polkit-desktop-policy-0:0.96-11.el6_10.2.noarch",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.s390",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-devel-0:0.96-11.el6_10.2.x86_64",
"6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.i686",
"6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.s390x",
"6Server-ELS:polkit-docs-0:0.96-11.el6_10.2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-27T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector"
}
]
}
RHSA-2022_0270
Vulnerability from csaf_redhat - Published: 2022-01-25 18:21 - Updated: 2024-11-15 10:44Summary
Red Hat Security Advisory: polkit security update
Severity
Important
Notes
Topic: An update for polkit is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
7.8 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.3.AUS:polkit-debuginfo-0:0.112-12.el7_3.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.3.AUS:polkit-debuginfo-0:0.112-12.el7_3.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.3.AUS:polkit-devel-0:0.112-12.el7_3.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.3.AUS:polkit-devel-0:0.112-12.el7_3.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.3.AUS:polkit-docs-0:0.112-12.el7_3.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
12 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for polkit is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.\n\nSecurity Fix(es):\n\n* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0270",
"url": "https://access.redhat.com/errata/RHSA-2022:0270"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0270.json"
}
],
"title": "Red Hat Security Advisory: polkit security update",
"tracking": {
"current_release_date": "2024-11-15T10:44:53+00:00",
"generator": {
"date": "2024-11-15T10:44:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0270",
"initial_release_date": "2022-01-25T18:21:13+00:00",
"revision_history": [
{
"date": "2022-01-25T18:21:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-01-25T18:21:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T10:44:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product": {
"name": "Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.3::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-12.el7_3.1.src",
"product": {
"name": "polkit-0:0.112-12.el7_3.1.src",
"product_id": "polkit-0:0.112-12.el7_3.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-12.el7_3.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-12.el7_3.1.x86_64",
"product": {
"name": "polkit-0:0.112-12.el7_3.1.x86_64",
"product_id": "polkit-0:0.112-12.el7_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-12.el7_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-12.el7_3.1.x86_64",
"product": {
"name": "polkit-devel-0:0.112-12.el7_3.1.x86_64",
"product_id": "polkit-devel-0:0.112-12.el7_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-12.el7_3.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-12.el7_3.1.x86_64",
"product": {
"name": "polkit-debuginfo-0:0.112-12.el7_3.1.x86_64",
"product_id": "polkit-debuginfo-0:0.112-12.el7_3.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-12.el7_3.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-12.el7_3.1.i686",
"product": {
"name": "polkit-0:0.112-12.el7_3.1.i686",
"product_id": "polkit-0:0.112-12.el7_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-12.el7_3.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-12.el7_3.1.i686",
"product": {
"name": "polkit-devel-0:0.112-12.el7_3.1.i686",
"product_id": "polkit-devel-0:0.112-12.el7_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-12.el7_3.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-12.el7_3.1.i686",
"product": {
"name": "polkit-debuginfo-0:0.112-12.el7_3.1.i686",
"product_id": "polkit-debuginfo-0:0.112-12.el7_3.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-12.el7_3.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-docs-0:0.112-12.el7_3.1.noarch",
"product": {
"name": "polkit-docs-0:0.112-12.el7_3.1.noarch",
"product_id": "polkit-docs-0:0.112-12.el7_3.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-docs@0.112-12.el7_3.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-12.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.i686"
},
"product_reference": "polkit-0:0.112-12.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-12.el7_3.1.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.src"
},
"product_reference": "polkit-0:0.112-12.el7_3.1.src",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-12.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.x86_64"
},
"product_reference": "polkit-0:0.112-12.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-12.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:polkit-debuginfo-0:0.112-12.el7_3.1.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-12.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-12.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:polkit-debuginfo-0:0.112-12.el7_3.1.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-12.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-12.el7_3.1.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:polkit-devel-0:0.112-12.el7_3.1.i686"
},
"product_reference": "polkit-devel-0:0.112-12.el7_3.1.i686",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-12.el7_3.1.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:polkit-devel-0:0.112-12.el7_3.1.x86_64"
},
"product_reference": "polkit-devel-0:0.112-12.el7_3.1.x86_64",
"relates_to_product_reference": "7Server-7.3.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-12.el7_3.1.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.3)",
"product_id": "7Server-7.3.AUS:polkit-docs-0:0.112-12.el7_3.1.noarch"
},
"product_reference": "polkit-docs-0:0.112-12.el7_3.1.noarch",
"relates_to_product_reference": "7Server-7.3.AUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2021-4034",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2025869"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.i686",
"7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.src",
"7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.x86_64",
"7Server-7.3.AUS:polkit-debuginfo-0:0.112-12.el7_3.1.i686",
"7Server-7.3.AUS:polkit-debuginfo-0:0.112-12.el7_3.1.x86_64",
"7Server-7.3.AUS:polkit-devel-0:0.112-12.el7_3.1.i686",
"7Server-7.3.AUS:polkit-devel-0:0.112-12.el7_3.1.x86_64",
"7Server-7.3.AUS:polkit-docs-0:0.112-12.el7_3.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4034"
},
{
"category": "external",
"summary": "RHBZ#2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "external",
"summary": "RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034"
},
{
"category": "external",
"summary": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-01-25T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-25T18:21:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.i686",
"7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.src",
"7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.x86_64",
"7Server-7.3.AUS:polkit-debuginfo-0:0.112-12.el7_3.1.i686",
"7Server-7.3.AUS:polkit-debuginfo-0:0.112-12.el7_3.1.x86_64",
"7Server-7.3.AUS:polkit-devel-0:0.112-12.el7_3.1.i686",
"7Server-7.3.AUS:polkit-devel-0:0.112-12.el7_3.1.x86_64",
"7Server-7.3.AUS:polkit-docs-0:0.112-12.el7_3.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0270"
},
{
"category": "workaround",
"details": "For customers who cannot update immediately and doesn\u0027t have Secure Boot feature enabled, the issue can be mitigated by executing the following steps:\n\n1) Install required systemtap packages and dependencies as per - pointed by https://access.redhat.com/solutions/5441\n\n2) Install polkit debug info:\n ~~~\n debuginfo-install polkit\n ~~~\n\n3) Create the following systemtap script, and name it pkexec-block.stp:\n ~~~\n probe process(\"/usr/bin/pkexec\").function(\"main\") {\n if (cmdline_arg(1) == \"\")\n raise(9);\n}\n~~~\n\n4) Load the systemtap module into the running kernel:\n ~~~\n stap -g -F -m stap_pkexec_block pkexec_block.stp\n ~~~\n\n5) Ensure the module is loaded:\n ~~~\n lsmod | grep -i stap_pkexec_block\nstap_pkexec_block 434176 0\n~~~\n\n6) Once polkit package was updated to the version containing the fix, the systemtap generated kernel module can be removed by running:\n ~~~\n rmmod stap_pkexec_block\n ~~~\n\nThis mitigation doesn\u0027t work for Secure Boot enabled system as SystemTap would require an external compiling server to be able to sign the generated kernel module\nwith a key enrolled into the Kernel\u0027s keyring.",
"product_ids": [
"7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.i686",
"7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.src",
"7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.x86_64",
"7Server-7.3.AUS:polkit-debuginfo-0:0.112-12.el7_3.1.i686",
"7Server-7.3.AUS:polkit-debuginfo-0:0.112-12.el7_3.1.x86_64",
"7Server-7.3.AUS:polkit-devel-0:0.112-12.el7_3.1.i686",
"7Server-7.3.AUS:polkit-devel-0:0.112-12.el7_3.1.x86_64",
"7Server-7.3.AUS:polkit-docs-0:0.112-12.el7_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.i686",
"7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.src",
"7Server-7.3.AUS:polkit-0:0.112-12.el7_3.1.x86_64",
"7Server-7.3.AUS:polkit-debuginfo-0:0.112-12.el7_3.1.i686",
"7Server-7.3.AUS:polkit-debuginfo-0:0.112-12.el7_3.1.x86_64",
"7Server-7.3.AUS:polkit-devel-0:0.112-12.el7_3.1.i686",
"7Server-7.3.AUS:polkit-devel-0:0.112-12.el7_3.1.x86_64",
"7Server-7.3.AUS:polkit-docs-0:0.112-12.el7_3.1.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-27T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector"
}
]
}
RHSA-2022_0271
Vulnerability from csaf_redhat - Published: 2022-01-25 18:44 - Updated: 2024-11-15 10:44Summary
Red Hat Security Advisory: polkit security update
Severity
Important
Notes
Topic: An update for polkit is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
7.8 (High)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.AUS:polkit-debuginfo-0:0.112-18.el7_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.AUS:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.AUS:polkit-devel-0:0.112-18.el7_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.AUS:polkit-devel-0:0.112-18.el7_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.AUS:polkit-docs-0:0.112-18.el7_6.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.E4S:polkit-docs-0:0.112-18.el7_6.3.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.TUS:polkit-debuginfo-0:0.112-18.el7_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.TUS:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.TUS:polkit-devel-0:0.112-18.el7_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.TUS:polkit-devel-0:0.112-18.el7_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.6.TUS:polkit-docs-0:0.112-18.el7_6.3.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
12 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for polkit is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.\n\nSecurity Fix(es):\n\n* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0271",
"url": "https://access.redhat.com/errata/RHSA-2022:0271"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0271.json"
}
],
"title": "Red Hat Security Advisory: polkit security update",
"tracking": {
"current_release_date": "2024-11-15T10:44:45+00:00",
"generator": {
"date": "2024-11-15T10:44:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0271",
"initial_release_date": "2022-01-25T18:44:19+00:00",
"revision_history": [
{
"date": "2022-01-25T18:44:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-01-25T18:44:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T10:44:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server AUS (v. 7.6)",
"product": {
"name": "Red Hat Enterprise Linux Server AUS (v. 7.6)",
"product_id": "7Server-7.6.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product": {
"name": "Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product_id": "7Server-7.6.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:7.6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server TUS (v. 7.6)",
"product": {
"name": "Red Hat Enterprise Linux Server TUS (v. 7.6)",
"product_id": "7Server-7.6.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:7.6::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-18.el7_6.3.src",
"product": {
"name": "polkit-0:0.112-18.el7_6.3.src",
"product_id": "polkit-0:0.112-18.el7_6.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-18.el7_6.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-18.el7_6.3.x86_64",
"product": {
"name": "polkit-0:0.112-18.el7_6.3.x86_64",
"product_id": "polkit-0:0.112-18.el7_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-18.el7_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-18.el7_6.3.x86_64",
"product": {
"name": "polkit-devel-0:0.112-18.el7_6.3.x86_64",
"product_id": "polkit-devel-0:0.112-18.el7_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-18.el7_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"product": {
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"product_id": "polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-18.el7_6.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-18.el7_6.3.i686",
"product": {
"name": "polkit-0:0.112-18.el7_6.3.i686",
"product_id": "polkit-0:0.112-18.el7_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-18.el7_6.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-18.el7_6.3.i686",
"product": {
"name": "polkit-devel-0:0.112-18.el7_6.3.i686",
"product_id": "polkit-devel-0:0.112-18.el7_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-18.el7_6.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"product": {
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"product_id": "polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-18.el7_6.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-docs-0:0.112-18.el7_6.3.noarch",
"product": {
"name": "polkit-docs-0:0.112-18.el7_6.3.noarch",
"product_id": "polkit-docs-0:0.112-18.el7_6.3.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-docs@0.112-18.el7_6.3?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-18.el7_6.3.ppc64le",
"product": {
"name": "polkit-0:0.112-18.el7_6.3.ppc64le",
"product_id": "polkit-0:0.112-18.el7_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-18.el7_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-18.el7_6.3.ppc64le",
"product": {
"name": "polkit-devel-0:0.112-18.el7_6.3.ppc64le",
"product_id": "polkit-devel-0:0.112-18.el7_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-18.el7_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.ppc64le",
"product": {
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.ppc64le",
"product_id": "polkit-debuginfo-0:0.112-18.el7_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-18.el7_6.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-18.el7_6.3.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
"product_id": "7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.i686"
},
"product_reference": "polkit-0:0.112-18.el7_6.3.i686",
"relates_to_product_reference": "7Server-7.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-18.el7_6.3.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
"product_id": "7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.src"
},
"product_reference": "polkit-0:0.112-18.el7_6.3.src",
"relates_to_product_reference": "7Server-7.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-18.el7_6.3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
"product_id": "7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.x86_64"
},
"product_reference": "polkit-0:0.112-18.el7_6.3.x86_64",
"relates_to_product_reference": "7Server-7.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
"product_id": "7Server-7.6.AUS:polkit-debuginfo-0:0.112-18.el7_6.3.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"relates_to_product_reference": "7Server-7.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
"product_id": "7Server-7.6.AUS:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"relates_to_product_reference": "7Server-7.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-18.el7_6.3.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
"product_id": "7Server-7.6.AUS:polkit-devel-0:0.112-18.el7_6.3.i686"
},
"product_reference": "polkit-devel-0:0.112-18.el7_6.3.i686",
"relates_to_product_reference": "7Server-7.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-18.el7_6.3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
"product_id": "7Server-7.6.AUS:polkit-devel-0:0.112-18.el7_6.3.x86_64"
},
"product_reference": "polkit-devel-0:0.112-18.el7_6.3.x86_64",
"relates_to_product_reference": "7Server-7.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-18.el7_6.3.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.6)",
"product_id": "7Server-7.6.AUS:polkit-docs-0:0.112-18.el7_6.3.noarch"
},
"product_reference": "polkit-docs-0:0.112-18.el7_6.3.noarch",
"relates_to_product_reference": "7Server-7.6.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-18.el7_6.3.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product_id": "7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.i686"
},
"product_reference": "polkit-0:0.112-18.el7_6.3.i686",
"relates_to_product_reference": "7Server-7.6.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-18.el7_6.3.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product_id": "7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.ppc64le"
},
"product_reference": "polkit-0:0.112-18.el7_6.3.ppc64le",
"relates_to_product_reference": "7Server-7.6.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-18.el7_6.3.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product_id": "7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.src"
},
"product_reference": "polkit-0:0.112-18.el7_6.3.src",
"relates_to_product_reference": "7Server-7.6.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-18.el7_6.3.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product_id": "7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.x86_64"
},
"product_reference": "polkit-0:0.112-18.el7_6.3.x86_64",
"relates_to_product_reference": "7Server-7.6.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product_id": "7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"relates_to_product_reference": "7Server-7.6.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product_id": "7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.ppc64le"
},
"product_reference": "polkit-debuginfo-0:0.112-18.el7_6.3.ppc64le",
"relates_to_product_reference": "7Server-7.6.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product_id": "7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"relates_to_product_reference": "7Server-7.6.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-18.el7_6.3.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product_id": "7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.i686"
},
"product_reference": "polkit-devel-0:0.112-18.el7_6.3.i686",
"relates_to_product_reference": "7Server-7.6.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-18.el7_6.3.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product_id": "7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.ppc64le"
},
"product_reference": "polkit-devel-0:0.112-18.el7_6.3.ppc64le",
"relates_to_product_reference": "7Server-7.6.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-18.el7_6.3.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product_id": "7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.x86_64"
},
"product_reference": "polkit-devel-0:0.112-18.el7_6.3.x86_64",
"relates_to_product_reference": "7Server-7.6.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-18.el7_6.3.noarch as a component of Red Hat Enterprise Linux Server E4S (v. 7.6)",
"product_id": "7Server-7.6.E4S:polkit-docs-0:0.112-18.el7_6.3.noarch"
},
"product_reference": "polkit-docs-0:0.112-18.el7_6.3.noarch",
"relates_to_product_reference": "7Server-7.6.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-18.el7_6.3.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
"product_id": "7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.i686"
},
"product_reference": "polkit-0:0.112-18.el7_6.3.i686",
"relates_to_product_reference": "7Server-7.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-18.el7_6.3.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
"product_id": "7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.src"
},
"product_reference": "polkit-0:0.112-18.el7_6.3.src",
"relates_to_product_reference": "7Server-7.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-18.el7_6.3.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
"product_id": "7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.x86_64"
},
"product_reference": "polkit-0:0.112-18.el7_6.3.x86_64",
"relates_to_product_reference": "7Server-7.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
"product_id": "7Server-7.6.TUS:polkit-debuginfo-0:0.112-18.el7_6.3.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"relates_to_product_reference": "7Server-7.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-18.el7_6.3.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
"product_id": "7Server-7.6.TUS:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"relates_to_product_reference": "7Server-7.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-18.el7_6.3.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
"product_id": "7Server-7.6.TUS:polkit-devel-0:0.112-18.el7_6.3.i686"
},
"product_reference": "polkit-devel-0:0.112-18.el7_6.3.i686",
"relates_to_product_reference": "7Server-7.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-18.el7_6.3.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
"product_id": "7Server-7.6.TUS:polkit-devel-0:0.112-18.el7_6.3.x86_64"
},
"product_reference": "polkit-devel-0:0.112-18.el7_6.3.x86_64",
"relates_to_product_reference": "7Server-7.6.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-18.el7_6.3.noarch as a component of Red Hat Enterprise Linux Server TUS (v. 7.6)",
"product_id": "7Server-7.6.TUS:polkit-docs-0:0.112-18.el7_6.3.noarch"
},
"product_reference": "polkit-docs-0:0.112-18.el7_6.3.noarch",
"relates_to_product_reference": "7Server-7.6.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2021-4034",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2025869"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.i686",
"7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.src",
"7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.AUS:polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"7Server-7.6.AUS:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.AUS:polkit-devel-0:0.112-18.el7_6.3.i686",
"7Server-7.6.AUS:polkit-devel-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.AUS:polkit-docs-0:0.112-18.el7_6.3.noarch",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.i686",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.ppc64le",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.src",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.ppc64le",
"7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.i686",
"7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.ppc64le",
"7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.E4S:polkit-docs-0:0.112-18.el7_6.3.noarch",
"7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.i686",
"7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.src",
"7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.TUS:polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"7Server-7.6.TUS:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.TUS:polkit-devel-0:0.112-18.el7_6.3.i686",
"7Server-7.6.TUS:polkit-devel-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.TUS:polkit-docs-0:0.112-18.el7_6.3.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4034"
},
{
"category": "external",
"summary": "RHBZ#2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "external",
"summary": "RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034"
},
{
"category": "external",
"summary": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-01-25T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-25T18:44:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.i686",
"7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.src",
"7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.AUS:polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"7Server-7.6.AUS:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.AUS:polkit-devel-0:0.112-18.el7_6.3.i686",
"7Server-7.6.AUS:polkit-devel-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.AUS:polkit-docs-0:0.112-18.el7_6.3.noarch",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.i686",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.ppc64le",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.src",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.ppc64le",
"7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.i686",
"7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.ppc64le",
"7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.E4S:polkit-docs-0:0.112-18.el7_6.3.noarch",
"7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.i686",
"7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.src",
"7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.TUS:polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"7Server-7.6.TUS:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.TUS:polkit-devel-0:0.112-18.el7_6.3.i686",
"7Server-7.6.TUS:polkit-devel-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.TUS:polkit-docs-0:0.112-18.el7_6.3.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0271"
},
{
"category": "workaround",
"details": "For customers who cannot update immediately and doesn\u0027t have Secure Boot feature enabled, the issue can be mitigated by executing the following steps:\n\n1) Install required systemtap packages and dependencies as per - pointed by https://access.redhat.com/solutions/5441\n\n2) Install polkit debug info:\n ~~~\n debuginfo-install polkit\n ~~~\n\n3) Create the following systemtap script, and name it pkexec-block.stp:\n ~~~\n probe process(\"/usr/bin/pkexec\").function(\"main\") {\n if (cmdline_arg(1) == \"\")\n raise(9);\n}\n~~~\n\n4) Load the systemtap module into the running kernel:\n ~~~\n stap -g -F -m stap_pkexec_block pkexec_block.stp\n ~~~\n\n5) Ensure the module is loaded:\n ~~~\n lsmod | grep -i stap_pkexec_block\nstap_pkexec_block 434176 0\n~~~\n\n6) Once polkit package was updated to the version containing the fix, the systemtap generated kernel module can be removed by running:\n ~~~\n rmmod stap_pkexec_block\n ~~~\n\nThis mitigation doesn\u0027t work for Secure Boot enabled system as SystemTap would require an external compiling server to be able to sign the generated kernel module\nwith a key enrolled into the Kernel\u0027s keyring.",
"product_ids": [
"7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.i686",
"7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.src",
"7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.AUS:polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"7Server-7.6.AUS:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.AUS:polkit-devel-0:0.112-18.el7_6.3.i686",
"7Server-7.6.AUS:polkit-devel-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.AUS:polkit-docs-0:0.112-18.el7_6.3.noarch",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.i686",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.ppc64le",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.src",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.ppc64le",
"7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.i686",
"7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.ppc64le",
"7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.E4S:polkit-docs-0:0.112-18.el7_6.3.noarch",
"7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.i686",
"7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.src",
"7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.TUS:polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"7Server-7.6.TUS:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.TUS:polkit-devel-0:0.112-18.el7_6.3.i686",
"7Server-7.6.TUS:polkit-devel-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.TUS:polkit-docs-0:0.112-18.el7_6.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.i686",
"7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.src",
"7Server-7.6.AUS:polkit-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.AUS:polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"7Server-7.6.AUS:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.AUS:polkit-devel-0:0.112-18.el7_6.3.i686",
"7Server-7.6.AUS:polkit-devel-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.AUS:polkit-docs-0:0.112-18.el7_6.3.noarch",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.i686",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.ppc64le",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.src",
"7Server-7.6.E4S:polkit-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.ppc64le",
"7Server-7.6.E4S:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.i686",
"7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.ppc64le",
"7Server-7.6.E4S:polkit-devel-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.E4S:polkit-docs-0:0.112-18.el7_6.3.noarch",
"7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.i686",
"7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.src",
"7Server-7.6.TUS:polkit-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.TUS:polkit-debuginfo-0:0.112-18.el7_6.3.i686",
"7Server-7.6.TUS:polkit-debuginfo-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.TUS:polkit-devel-0:0.112-18.el7_6.3.i686",
"7Server-7.6.TUS:polkit-devel-0:0.112-18.el7_6.3.x86_64",
"7Server-7.6.TUS:polkit-docs-0:0.112-18.el7_6.3.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-27T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector"
}
]
}
RHSA-2022_0272
Vulnerability from csaf_redhat - Published: 2022-01-25 18:30 - Updated: 2024-11-15 10:44Summary
Red Hat Security Advisory: polkit security update
Severity
Important
Notes
Topic: An update for polkit is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
7.8 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:polkit-debuginfo-0:0.112-12.el7_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:polkit-debuginfo-0:0.112-12.el7_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:polkit-devel-0:0.112-12.el7_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:polkit-devel-0:0.112-12.el7_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:polkit-docs-0:0.112-12.el7_4.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
12 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for polkit is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.\n\nSecurity Fix(es):\n\n* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0272",
"url": "https://access.redhat.com/errata/RHSA-2022:0272"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0272.json"
}
],
"title": "Red Hat Security Advisory: polkit security update",
"tracking": {
"current_release_date": "2024-11-15T10:44:38+00:00",
"generator": {
"date": "2024-11-15T10:44:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0272",
"initial_release_date": "2022-01-25T18:30:35+00:00",
"revision_history": [
{
"date": "2022-01-25T18:30:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-01-25T18:30:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T10:44:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.4::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-12.el7_4.2.src",
"product": {
"name": "polkit-0:0.112-12.el7_4.2.src",
"product_id": "polkit-0:0.112-12.el7_4.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-12.el7_4.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-12.el7_4.2.x86_64",
"product": {
"name": "polkit-0:0.112-12.el7_4.2.x86_64",
"product_id": "polkit-0:0.112-12.el7_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-12.el7_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-12.el7_4.2.x86_64",
"product": {
"name": "polkit-devel-0:0.112-12.el7_4.2.x86_64",
"product_id": "polkit-devel-0:0.112-12.el7_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-12.el7_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-12.el7_4.2.x86_64",
"product": {
"name": "polkit-debuginfo-0:0.112-12.el7_4.2.x86_64",
"product_id": "polkit-debuginfo-0:0.112-12.el7_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-12.el7_4.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-12.el7_4.2.i686",
"product": {
"name": "polkit-0:0.112-12.el7_4.2.i686",
"product_id": "polkit-0:0.112-12.el7_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-12.el7_4.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-12.el7_4.2.i686",
"product": {
"name": "polkit-devel-0:0.112-12.el7_4.2.i686",
"product_id": "polkit-devel-0:0.112-12.el7_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-12.el7_4.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-12.el7_4.2.i686",
"product": {
"name": "polkit-debuginfo-0:0.112-12.el7_4.2.i686",
"product_id": "polkit-debuginfo-0:0.112-12.el7_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-12.el7_4.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-docs-0:0.112-12.el7_4.2.noarch",
"product": {
"name": "polkit-docs-0:0.112-12.el7_4.2.noarch",
"product_id": "polkit-docs-0:0.112-12.el7_4.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-docs@0.112-12.el7_4.2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-12.el7_4.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.i686"
},
"product_reference": "polkit-0:0.112-12.el7_4.2.i686",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-12.el7_4.2.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.src"
},
"product_reference": "polkit-0:0.112-12.el7_4.2.src",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-12.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.x86_64"
},
"product_reference": "polkit-0:0.112-12.el7_4.2.x86_64",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-12.el7_4.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:polkit-debuginfo-0:0.112-12.el7_4.2.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-12.el7_4.2.i686",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-12.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:polkit-debuginfo-0:0.112-12.el7_4.2.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-12.el7_4.2.x86_64",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-12.el7_4.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:polkit-devel-0:0.112-12.el7_4.2.i686"
},
"product_reference": "polkit-devel-0:0.112-12.el7_4.2.i686",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-12.el7_4.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:polkit-devel-0:0.112-12.el7_4.2.x86_64"
},
"product_reference": "polkit-devel-0:0.112-12.el7_4.2.x86_64",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-12.el7_4.2.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:polkit-docs-0:0.112-12.el7_4.2.noarch"
},
"product_reference": "polkit-docs-0:0.112-12.el7_4.2.noarch",
"relates_to_product_reference": "7Server-7.4.AUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2021-4034",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2025869"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.i686",
"7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.src",
"7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.x86_64",
"7Server-7.4.AUS:polkit-debuginfo-0:0.112-12.el7_4.2.i686",
"7Server-7.4.AUS:polkit-debuginfo-0:0.112-12.el7_4.2.x86_64",
"7Server-7.4.AUS:polkit-devel-0:0.112-12.el7_4.2.i686",
"7Server-7.4.AUS:polkit-devel-0:0.112-12.el7_4.2.x86_64",
"7Server-7.4.AUS:polkit-docs-0:0.112-12.el7_4.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4034"
},
{
"category": "external",
"summary": "RHBZ#2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "external",
"summary": "RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034"
},
{
"category": "external",
"summary": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-01-25T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-25T18:30:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.i686",
"7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.src",
"7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.x86_64",
"7Server-7.4.AUS:polkit-debuginfo-0:0.112-12.el7_4.2.i686",
"7Server-7.4.AUS:polkit-debuginfo-0:0.112-12.el7_4.2.x86_64",
"7Server-7.4.AUS:polkit-devel-0:0.112-12.el7_4.2.i686",
"7Server-7.4.AUS:polkit-devel-0:0.112-12.el7_4.2.x86_64",
"7Server-7.4.AUS:polkit-docs-0:0.112-12.el7_4.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0272"
},
{
"category": "workaround",
"details": "For customers who cannot update immediately and doesn\u0027t have Secure Boot feature enabled, the issue can be mitigated by executing the following steps:\n\n1) Install required systemtap packages and dependencies as per - pointed by https://access.redhat.com/solutions/5441\n\n2) Install polkit debug info:\n ~~~\n debuginfo-install polkit\n ~~~\n\n3) Create the following systemtap script, and name it pkexec-block.stp:\n ~~~\n probe process(\"/usr/bin/pkexec\").function(\"main\") {\n if (cmdline_arg(1) == \"\")\n raise(9);\n}\n~~~\n\n4) Load the systemtap module into the running kernel:\n ~~~\n stap -g -F -m stap_pkexec_block pkexec_block.stp\n ~~~\n\n5) Ensure the module is loaded:\n ~~~\n lsmod | grep -i stap_pkexec_block\nstap_pkexec_block 434176 0\n~~~\n\n6) Once polkit package was updated to the version containing the fix, the systemtap generated kernel module can be removed by running:\n ~~~\n rmmod stap_pkexec_block\n ~~~\n\nThis mitigation doesn\u0027t work for Secure Boot enabled system as SystemTap would require an external compiling server to be able to sign the generated kernel module\nwith a key enrolled into the Kernel\u0027s keyring.",
"product_ids": [
"7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.i686",
"7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.src",
"7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.x86_64",
"7Server-7.4.AUS:polkit-debuginfo-0:0.112-12.el7_4.2.i686",
"7Server-7.4.AUS:polkit-debuginfo-0:0.112-12.el7_4.2.x86_64",
"7Server-7.4.AUS:polkit-devel-0:0.112-12.el7_4.2.i686",
"7Server-7.4.AUS:polkit-devel-0:0.112-12.el7_4.2.x86_64",
"7Server-7.4.AUS:polkit-docs-0:0.112-12.el7_4.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.i686",
"7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.src",
"7Server-7.4.AUS:polkit-0:0.112-12.el7_4.2.x86_64",
"7Server-7.4.AUS:polkit-debuginfo-0:0.112-12.el7_4.2.i686",
"7Server-7.4.AUS:polkit-debuginfo-0:0.112-12.el7_4.2.x86_64",
"7Server-7.4.AUS:polkit-devel-0:0.112-12.el7_4.2.i686",
"7Server-7.4.AUS:polkit-devel-0:0.112-12.el7_4.2.x86_64",
"7Server-7.4.AUS:polkit-docs-0:0.112-12.el7_4.2.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-27T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector"
}
]
}
RHSA-2022_0273
Vulnerability from csaf_redhat - Published: 2022-01-25 19:07 - Updated: 2024-11-15 10:44Summary
Red Hat Security Advisory: polkit security update
Severity
Important
Notes
Topic: An update for polkit is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
7.8 (High)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:polkit-debuginfo-0:0.112-22.el7_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:polkit-devel-0:0.112-22.el7_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:polkit-devel-0:0.112-22.el7_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.AUS:polkit-docs-0:0.112-22.el7_7.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.E4S:polkit-docs-0:0.112-22.el7_7.2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.TUS:polkit-debuginfo-0:0.112-22.el7_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.TUS:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.TUS:polkit-devel-0:0.112-22.el7_7.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.TUS:polkit-devel-0:0.112-22.el7_7.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.7.TUS:polkit-docs-0:0.112-22.el7_7.2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
12 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for polkit is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.\n\nSecurity Fix(es):\n\n* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0273",
"url": "https://access.redhat.com/errata/RHSA-2022:0273"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0273.json"
}
],
"title": "Red Hat Security Advisory: polkit security update",
"tracking": {
"current_release_date": "2024-11-15T10:44:24+00:00",
"generator": {
"date": "2024-11-15T10:44:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0273",
"initial_release_date": "2022-01-25T19:07:00+00:00",
"revision_history": [
{
"date": "2022-01-25T19:07:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-01-25T19:07:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T10:44:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product": {
"name": "Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product": {
"name": "Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product_id": "7Server-7.7.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:7.7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server TUS (v. 7.7)",
"product": {
"name": "Red Hat Enterprise Linux Server TUS (v. 7.7)",
"product_id": "7Server-7.7.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:7.7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-22.el7_7.2.src",
"product": {
"name": "polkit-0:0.112-22.el7_7.2.src",
"product_id": "polkit-0:0.112-22.el7_7.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-22.el7_7.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-22.el7_7.2.x86_64",
"product": {
"name": "polkit-0:0.112-22.el7_7.2.x86_64",
"product_id": "polkit-0:0.112-22.el7_7.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-22.el7_7.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-22.el7_7.2.x86_64",
"product": {
"name": "polkit-devel-0:0.112-22.el7_7.2.x86_64",
"product_id": "polkit-devel-0:0.112-22.el7_7.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-22.el7_7.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"product": {
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"product_id": "polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-22.el7_7.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-22.el7_7.2.i686",
"product": {
"name": "polkit-0:0.112-22.el7_7.2.i686",
"product_id": "polkit-0:0.112-22.el7_7.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-22.el7_7.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-22.el7_7.2.i686",
"product": {
"name": "polkit-devel-0:0.112-22.el7_7.2.i686",
"product_id": "polkit-devel-0:0.112-22.el7_7.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-22.el7_7.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"product": {
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"product_id": "polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-22.el7_7.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-docs-0:0.112-22.el7_7.2.noarch",
"product": {
"name": "polkit-docs-0:0.112-22.el7_7.2.noarch",
"product_id": "polkit-docs-0:0.112-22.el7_7.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-docs@0.112-22.el7_7.2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-22.el7_7.2.ppc64le",
"product": {
"name": "polkit-0:0.112-22.el7_7.2.ppc64le",
"product_id": "polkit-0:0.112-22.el7_7.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-22.el7_7.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-22.el7_7.2.ppc64le",
"product": {
"name": "polkit-devel-0:0.112-22.el7_7.2.ppc64le",
"product_id": "polkit-devel-0:0.112-22.el7_7.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-22.el7_7.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.ppc64le",
"product": {
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.ppc64le",
"product_id": "polkit-debuginfo-0:0.112-22.el7_7.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-22.el7_7.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-22.el7_7.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.i686"
},
"product_reference": "polkit-0:0.112-22.el7_7.2.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-22.el7_7.2.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.src"
},
"product_reference": "polkit-0:0.112-22.el7_7.2.src",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-22.el7_7.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.x86_64"
},
"product_reference": "polkit-0:0.112-22.el7_7.2.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:polkit-debuginfo-0:0.112-22.el7_7.2.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-22.el7_7.2.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:polkit-devel-0:0.112-22.el7_7.2.i686"
},
"product_reference": "polkit-devel-0:0.112-22.el7_7.2.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-22.el7_7.2.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:polkit-devel-0:0.112-22.el7_7.2.x86_64"
},
"product_reference": "polkit-devel-0:0.112-22.el7_7.2.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-22.el7_7.2.noarch as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:polkit-docs-0:0.112-22.el7_7.2.noarch"
},
"product_reference": "polkit-docs-0:0.112-22.el7_7.2.noarch",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-22.el7_7.2.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product_id": "7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.i686"
},
"product_reference": "polkit-0:0.112-22.el7_7.2.i686",
"relates_to_product_reference": "7Server-7.7.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-22.el7_7.2.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product_id": "7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.ppc64le"
},
"product_reference": "polkit-0:0.112-22.el7_7.2.ppc64le",
"relates_to_product_reference": "7Server-7.7.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-22.el7_7.2.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product_id": "7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.src"
},
"product_reference": "polkit-0:0.112-22.el7_7.2.src",
"relates_to_product_reference": "7Server-7.7.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-22.el7_7.2.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product_id": "7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.x86_64"
},
"product_reference": "polkit-0:0.112-22.el7_7.2.x86_64",
"relates_to_product_reference": "7Server-7.7.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product_id": "7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"relates_to_product_reference": "7Server-7.7.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product_id": "7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.ppc64le"
},
"product_reference": "polkit-debuginfo-0:0.112-22.el7_7.2.ppc64le",
"relates_to_product_reference": "7Server-7.7.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product_id": "7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"relates_to_product_reference": "7Server-7.7.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-22.el7_7.2.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product_id": "7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.i686"
},
"product_reference": "polkit-devel-0:0.112-22.el7_7.2.i686",
"relates_to_product_reference": "7Server-7.7.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-22.el7_7.2.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product_id": "7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.ppc64le"
},
"product_reference": "polkit-devel-0:0.112-22.el7_7.2.ppc64le",
"relates_to_product_reference": "7Server-7.7.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-22.el7_7.2.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product_id": "7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.x86_64"
},
"product_reference": "polkit-devel-0:0.112-22.el7_7.2.x86_64",
"relates_to_product_reference": "7Server-7.7.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-22.el7_7.2.noarch as a component of Red Hat Enterprise Linux Server E4S (v. 7.7)",
"product_id": "7Server-7.7.E4S:polkit-docs-0:0.112-22.el7_7.2.noarch"
},
"product_reference": "polkit-docs-0:0.112-22.el7_7.2.noarch",
"relates_to_product_reference": "7Server-7.7.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-22.el7_7.2.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.7)",
"product_id": "7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.i686"
},
"product_reference": "polkit-0:0.112-22.el7_7.2.i686",
"relates_to_product_reference": "7Server-7.7.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-22.el7_7.2.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.7)",
"product_id": "7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.src"
},
"product_reference": "polkit-0:0.112-22.el7_7.2.src",
"relates_to_product_reference": "7Server-7.7.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-22.el7_7.2.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.7)",
"product_id": "7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.x86_64"
},
"product_reference": "polkit-0:0.112-22.el7_7.2.x86_64",
"relates_to_product_reference": "7Server-7.7.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.7)",
"product_id": "7Server-7.7.TUS:polkit-debuginfo-0:0.112-22.el7_7.2.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"relates_to_product_reference": "7Server-7.7.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-22.el7_7.2.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.7)",
"product_id": "7Server-7.7.TUS:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"relates_to_product_reference": "7Server-7.7.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-22.el7_7.2.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.7)",
"product_id": "7Server-7.7.TUS:polkit-devel-0:0.112-22.el7_7.2.i686"
},
"product_reference": "polkit-devel-0:0.112-22.el7_7.2.i686",
"relates_to_product_reference": "7Server-7.7.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-22.el7_7.2.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.7)",
"product_id": "7Server-7.7.TUS:polkit-devel-0:0.112-22.el7_7.2.x86_64"
},
"product_reference": "polkit-devel-0:0.112-22.el7_7.2.x86_64",
"relates_to_product_reference": "7Server-7.7.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-22.el7_7.2.noarch as a component of Red Hat Enterprise Linux Server TUS (v. 7.7)",
"product_id": "7Server-7.7.TUS:polkit-docs-0:0.112-22.el7_7.2.noarch"
},
"product_reference": "polkit-docs-0:0.112-22.el7_7.2.noarch",
"relates_to_product_reference": "7Server-7.7.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2021-4034",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2025869"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.i686",
"7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.src",
"7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.AUS:polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"7Server-7.7.AUS:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.AUS:polkit-devel-0:0.112-22.el7_7.2.i686",
"7Server-7.7.AUS:polkit-devel-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.AUS:polkit-docs-0:0.112-22.el7_7.2.noarch",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.i686",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.ppc64le",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.src",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.ppc64le",
"7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.i686",
"7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.ppc64le",
"7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.E4S:polkit-docs-0:0.112-22.el7_7.2.noarch",
"7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.i686",
"7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.src",
"7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.TUS:polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"7Server-7.7.TUS:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.TUS:polkit-devel-0:0.112-22.el7_7.2.i686",
"7Server-7.7.TUS:polkit-devel-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.TUS:polkit-docs-0:0.112-22.el7_7.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4034"
},
{
"category": "external",
"summary": "RHBZ#2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "external",
"summary": "RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034"
},
{
"category": "external",
"summary": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-01-25T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-25T19:07:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.i686",
"7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.src",
"7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.AUS:polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"7Server-7.7.AUS:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.AUS:polkit-devel-0:0.112-22.el7_7.2.i686",
"7Server-7.7.AUS:polkit-devel-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.AUS:polkit-docs-0:0.112-22.el7_7.2.noarch",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.i686",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.ppc64le",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.src",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.ppc64le",
"7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.i686",
"7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.ppc64le",
"7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.E4S:polkit-docs-0:0.112-22.el7_7.2.noarch",
"7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.i686",
"7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.src",
"7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.TUS:polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"7Server-7.7.TUS:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.TUS:polkit-devel-0:0.112-22.el7_7.2.i686",
"7Server-7.7.TUS:polkit-devel-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.TUS:polkit-docs-0:0.112-22.el7_7.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0273"
},
{
"category": "workaround",
"details": "For customers who cannot update immediately and doesn\u0027t have Secure Boot feature enabled, the issue can be mitigated by executing the following steps:\n\n1) Install required systemtap packages and dependencies as per - pointed by https://access.redhat.com/solutions/5441\n\n2) Install polkit debug info:\n ~~~\n debuginfo-install polkit\n ~~~\n\n3) Create the following systemtap script, and name it pkexec-block.stp:\n ~~~\n probe process(\"/usr/bin/pkexec\").function(\"main\") {\n if (cmdline_arg(1) == \"\")\n raise(9);\n}\n~~~\n\n4) Load the systemtap module into the running kernel:\n ~~~\n stap -g -F -m stap_pkexec_block pkexec_block.stp\n ~~~\n\n5) Ensure the module is loaded:\n ~~~\n lsmod | grep -i stap_pkexec_block\nstap_pkexec_block 434176 0\n~~~\n\n6) Once polkit package was updated to the version containing the fix, the systemtap generated kernel module can be removed by running:\n ~~~\n rmmod stap_pkexec_block\n ~~~\n\nThis mitigation doesn\u0027t work for Secure Boot enabled system as SystemTap would require an external compiling server to be able to sign the generated kernel module\nwith a key enrolled into the Kernel\u0027s keyring.",
"product_ids": [
"7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.i686",
"7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.src",
"7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.AUS:polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"7Server-7.7.AUS:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.AUS:polkit-devel-0:0.112-22.el7_7.2.i686",
"7Server-7.7.AUS:polkit-devel-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.AUS:polkit-docs-0:0.112-22.el7_7.2.noarch",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.i686",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.ppc64le",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.src",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.ppc64le",
"7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.i686",
"7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.ppc64le",
"7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.E4S:polkit-docs-0:0.112-22.el7_7.2.noarch",
"7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.i686",
"7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.src",
"7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.TUS:polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"7Server-7.7.TUS:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.TUS:polkit-devel-0:0.112-22.el7_7.2.i686",
"7Server-7.7.TUS:polkit-devel-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.TUS:polkit-docs-0:0.112-22.el7_7.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.i686",
"7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.src",
"7Server-7.7.AUS:polkit-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.AUS:polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"7Server-7.7.AUS:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.AUS:polkit-devel-0:0.112-22.el7_7.2.i686",
"7Server-7.7.AUS:polkit-devel-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.AUS:polkit-docs-0:0.112-22.el7_7.2.noarch",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.i686",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.ppc64le",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.src",
"7Server-7.7.E4S:polkit-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.ppc64le",
"7Server-7.7.E4S:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.i686",
"7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.ppc64le",
"7Server-7.7.E4S:polkit-devel-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.E4S:polkit-docs-0:0.112-22.el7_7.2.noarch",
"7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.i686",
"7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.src",
"7Server-7.7.TUS:polkit-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.TUS:polkit-debuginfo-0:0.112-22.el7_7.2.i686",
"7Server-7.7.TUS:polkit-debuginfo-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.TUS:polkit-devel-0:0.112-22.el7_7.2.i686",
"7Server-7.7.TUS:polkit-devel-0:0.112-22.el7_7.2.x86_64",
"7Server-7.7.TUS:polkit-docs-0:0.112-22.el7_7.2.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-27T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector"
}
]
}
RHSA-2022_0274
Vulnerability from csaf_redhat - Published: 2022-01-25 20:10 - Updated: 2024-11-15 10:44Summary
Red Hat Security Advisory: polkit security update
Severity
Important
Notes
Topic: An update for polkit is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
7.8 (High)
Affected products
Fixed
115 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-optional-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7ComputeNode-optional-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
12 references
Acknowledgments
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for polkit is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.\n\nSecurity Fix(es):\n\n* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0274",
"url": "https://access.redhat.com/errata/RHSA-2022:0274"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0274.json"
}
],
"title": "Red Hat Security Advisory: polkit security update",
"tracking": {
"current_release_date": "2024-11-15T10:44:31+00:00",
"generator": {
"date": "2024-11-15T10:44:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0274",
"initial_release_date": "2022-01-25T20:10:56+00:00",
"revision_history": [
{
"date": "2022-01-25T20:10:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-01-25T20:10:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T10:44:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-26.el7_9.1.src",
"product": {
"name": "polkit-0:0.112-26.el7_9.1.src",
"product_id": "polkit-0:0.112-26.el7_9.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-26.el7_9.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-26.el7_9.1.x86_64",
"product": {
"name": "polkit-0:0.112-26.el7_9.1.x86_64",
"product_id": "polkit-0:0.112-26.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-26.el7_9.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"product": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"product_id": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-26.el7_9.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-26.el7_9.1.x86_64",
"product": {
"name": "polkit-devel-0:0.112-26.el7_9.1.x86_64",
"product_id": "polkit-devel-0:0.112-26.el7_9.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-26.el7_9.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-26.el7_9.1.i686",
"product": {
"name": "polkit-0:0.112-26.el7_9.1.i686",
"product_id": "polkit-0:0.112-26.el7_9.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-26.el7_9.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"product": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"product_id": "polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-26.el7_9.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-26.el7_9.1.i686",
"product": {
"name": "polkit-devel-0:0.112-26.el7_9.1.i686",
"product_id": "polkit-devel-0:0.112-26.el7_9.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-26.el7_9.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-docs-0:0.112-26.el7_9.1.noarch",
"product": {
"name": "polkit-docs-0:0.112-26.el7_9.1.noarch",
"product_id": "polkit-docs-0:0.112-26.el7_9.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-docs@0.112-26.el7_9.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-26.el7_9.1.ppc",
"product": {
"name": "polkit-0:0.112-26.el7_9.1.ppc",
"product_id": "polkit-0:0.112-26.el7_9.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-26.el7_9.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc",
"product": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc",
"product_id": "polkit-devel-0:0.112-26.el7_9.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-26.el7_9.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"product": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"product_id": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-26.el7_9.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-26.el7_9.1.ppc64",
"product": {
"name": "polkit-0:0.112-26.el7_9.1.ppc64",
"product_id": "polkit-0:0.112-26.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-26.el7_9.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64",
"product": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64",
"product_id": "polkit-devel-0:0.112-26.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-26.el7_9.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"product": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"product_id": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-26.el7_9.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-26.el7_9.1.ppc64le",
"product": {
"name": "polkit-0:0.112-26.el7_9.1.ppc64le",
"product_id": "polkit-0:0.112-26.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-26.el7_9.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"product": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"product_id": "polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-26.el7_9.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"product": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"product_id": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-26.el7_9.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-26.el7_9.1.s390",
"product": {
"name": "polkit-0:0.112-26.el7_9.1.s390",
"product_id": "polkit-0:0.112-26.el7_9.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-26.el7_9.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-26.el7_9.1.s390",
"product": {
"name": "polkit-devel-0:0.112-26.el7_9.1.s390",
"product_id": "polkit-devel-0:0.112-26.el7_9.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-26.el7_9.1?arch=s390"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"product": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"product_id": "polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-26.el7_9.1?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "polkit-0:0.112-26.el7_9.1.s390x",
"product": {
"name": "polkit-0:0.112-26.el7_9.1.s390x",
"product_id": "polkit-0:0.112-26.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit@0.112-26.el7_9.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "polkit-devel-0:0.112-26.el7_9.1.s390x",
"product": {
"name": "polkit-devel-0:0.112-26.el7_9.1.s390x",
"product_id": "polkit-devel-0:0.112-26.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-devel@0.112-26.el7_9.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"product": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"product_id": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/polkit-debuginfo@0.112-26.el7_9.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.src"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-26.el7_9.1.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch"
},
"product_reference": "polkit-docs-0:0.112-26.el7_9.1.noarch",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.src"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.src",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-26.el7_9.1.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch"
},
"product_reference": "polkit-docs-0:0.112-26.el7_9.1.noarch",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.src"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.src",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-26.el7_9.1.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch"
},
"product_reference": "polkit-docs-0:0.112-26.el7_9.1.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.src"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-26.el7_9.1.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch"
},
"product_reference": "polkit-docs-0:0.112-26.el7_9.1.noarch",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.src"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-devel-0:0.112-26.el7_9.1.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64"
},
"product_reference": "polkit-devel-0:0.112-26.el7_9.1.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "polkit-docs-0:0.112-26.el7_9.1.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch"
},
"product_reference": "polkit-docs-0:0.112-26.el7_9.1.noarch",
"relates_to_product_reference": "7Workstation-7.9.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2021-4034",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2025869"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Client-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Client-optional-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7ComputeNode-optional-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Server-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Workstation-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4034"
},
{
"category": "external",
"summary": "RHBZ#2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "external",
"summary": "RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034"
},
{
"category": "external",
"summary": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-01-25T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-01-25T20:10:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Client-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Client-optional-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7ComputeNode-optional-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Server-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Workstation-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0274"
},
{
"category": "workaround",
"details": "For customers who cannot update immediately and doesn\u0027t have Secure Boot feature enabled, the issue can be mitigated by executing the following steps:\n\n1) Install required systemtap packages and dependencies as per - pointed by https://access.redhat.com/solutions/5441\n\n2) Install polkit debug info:\n ~~~\n debuginfo-install polkit\n ~~~\n\n3) Create the following systemtap script, and name it pkexec-block.stp:\n ~~~\n probe process(\"/usr/bin/pkexec\").function(\"main\") {\n if (cmdline_arg(1) == \"\")\n raise(9);\n}\n~~~\n\n4) Load the systemtap module into the running kernel:\n ~~~\n stap -g -F -m stap_pkexec_block pkexec_block.stp\n ~~~\n\n5) Ensure the module is loaded:\n ~~~\n lsmod | grep -i stap_pkexec_block\nstap_pkexec_block 434176 0\n~~~\n\n6) Once polkit package was updated to the version containing the fix, the systemtap generated kernel module can be removed by running:\n ~~~\n rmmod stap_pkexec_block\n ~~~\n\nThis mitigation doesn\u0027t work for Secure Boot enabled system as SystemTap would require an external compiling server to be able to sign the generated kernel module\nwith a key enrolled into the Kernel\u0027s keyring.",
"product_ids": [
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Client-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Client-optional-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7ComputeNode-optional-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Server-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Workstation-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Client-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Client-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Client-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Client-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Client-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Client-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Client-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Client-optional-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7ComputeNode-optional-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7ComputeNode-optional-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7ComputeNode-optional-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7ComputeNode-optional-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Server-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Server-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Server-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Server-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.i686",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.ppc64le",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.s390",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.s390x",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.src",
"7Workstation-7.9.Z:polkit-0:0.112-26.el7_9.1.x86_64",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.i686",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.ppc64le",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.s390x",
"7Workstation-7.9.Z:polkit-debuginfo-0:0.112-26.el7_9.1.x86_64",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.i686",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.ppc64le",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.s390x",
"7Workstation-7.9.Z:polkit-devel-0:0.112-26.el7_9.1.x86_64",
"7Workstation-7.9.Z:polkit-docs-0:0.112-26.el7_9.1.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-27T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector"
}
]
}
RHSA-2022_0443
Vulnerability from csaf_redhat - Published: 2022-02-07 10:46 - Updated: 2024-11-15 10:46Summary
Red Hat Security Advisory: RHV-H security update (redhat-virtualization-host) 4.3.21
Severity
Important
Notes
Topic: An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The redhat-virtualization-host packages provide the Red Hat Virtualization Host.
These packages include redhat-release-virtualization-host. Red Hat
Virtualization Hosts (RHVH) are installed using a special build of Red Hat
Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and
performing administrative tasks.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)
* samba: Active Directory (AD) domain user could become root on domain members (CVE-2020-25717)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch | — |
Vendor Fix
fix
Workaround
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch | — |
Workaround
|
Threats
Impact
Important
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch | — |
Vendor Fix
fix
Workaround
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.src | — |
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
18 references
Acknowledgments
the Samba project
Catalyst and the Samba Team
Andrew Bartlett
Qualys Research Labs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host.\nThese packages include redhat-release-virtualization-host. Red Hat\nVirtualization Hosts (RHVH) are installed using a special build of Red Hat\nEnterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and\nperforming administrative tasks.\n\nSecurity Fix(es):\n\n* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)\n\n* samba: Active Directory (AD) domain user could become root on domain members (CVE-2020-25717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0443",
"url": "https://access.redhat.com/errata/RHSA-2022:0443"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "2019672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019672"
},
{
"category": "external",
"summary": "2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0443.json"
}
],
"title": "Red Hat Security Advisory: RHV-H security update (redhat-virtualization-host) 4.3.21",
"tracking": {
"current_release_date": "2024-11-15T10:46:38+00:00",
"generator": {
"date": "2024-11-15T10:46:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0443",
"initial_release_date": "2022-02-07T10:46:52+00:00",
"revision_history": [
{
"date": "2022-02-07T10:46:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-02-07T10:46:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T10:46:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
},
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.3.21-1.el7ev.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.3.21-1.el7ev.src",
"product_id": "redhat-release-virtualization-host-0:4.3.21-1.el7ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.3.21-1.el7ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"product": {
"name": "redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"product_id": "redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.3.21-20220126.0.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.3.21-1.el7ev?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.3.21-1.el7ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"product_id": "redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.3.21-20220126.0.el7_9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src"
},
"product_reference": "redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch as a component of Red Hat Virtualization 4 Hypervisor for RHEL 7",
"product_id": "7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"relates_to_product_reference": "7Server-RHEV-4-Hypervisor-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.3.21-1.el7ev.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.3.21-1.el7ev.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64 as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src"
},
"product_reference": "redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch as a component of RHEL 7-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch",
"relates_to_product_reference": "7Server-RHEV-4-HypervisorBuild-7"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Samba project"
]
},
{
"names": [
"Andrew Bartlett"
],
"organization": "Catalyst and the Samba Team"
}
],
"cve": "CVE-2020-25717",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019672"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "samba: Active Directory (AD) domain user could become root on domain members",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch"
],
"known_not_affected": [
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25717"
},
{
"category": "external",
"summary": "RHBZ#2019672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019672"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25717"
},
{
"category": "external",
"summary": "https://www.samba.org/samba/security/CVE-2020-25717.html",
"url": "https://www.samba.org/samba/security/CVE-2020-25717.html"
}
],
"release_date": "2021-11-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-02-07T10:46:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0443"
},
{
"category": "workaround",
"details": "Setting \"gensec:require_pac=true\" in the smb.conf makes, due to a cache prime in winbind, the DOMAIN\\user lookup succeed, provided nss_winbind is in use, \u0027winbind use default domain = no\u0027 (the default) and no error paths are hit. \n\nIt would be prudent to pre-create disabled users in Active Directory matching on all privileged names not held in Active Directory, eg \n~~~\n samba-tool user add root -H ldap://$SERVER -U$USERNAME%$PASSWORD --random-password\n samba-tool user add ubuntu -H ldap://$SERVER -U$USERNAME%$PASSWORD --random-password\n ~~~\n (repeat for eg all system users under 1000 in /etc/passwd or special to any other AD-connected services, eg perhaps \"admin\" for a web-app)",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "samba: Active Directory (AD) domain user could become root on domain members"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2021-4034",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2025869"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch"
],
"known_not_affected": [
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4034"
},
{
"category": "external",
"summary": "RHBZ#2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "external",
"summary": "RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034"
},
{
"category": "external",
"summary": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-01-25T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-02-07T10:46:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0443"
},
{
"category": "workaround",
"details": "For customers who cannot update immediately and doesn\u0027t have Secure Boot feature enabled, the issue can be mitigated by executing the following steps:\n\n1) Install required systemtap packages and dependencies as per - pointed by https://access.redhat.com/solutions/5441\n\n2) Install polkit debug info:\n ~~~\n debuginfo-install polkit\n ~~~\n\n3) Create the following systemtap script, and name it pkexec-block.stp:\n ~~~\n probe process(\"/usr/bin/pkexec\").function(\"main\") {\n if (cmdline_arg(1) == \"\")\n raise(9);\n}\n~~~\n\n4) Load the systemtap module into the running kernel:\n ~~~\n stap -g -F -m stap_pkexec_block pkexec_block.stp\n ~~~\n\n5) Ensure the module is loaded:\n ~~~\n lsmod | grep -i stap_pkexec_block\nstap_pkexec_block 434176 0\n~~~\n\n6) Once polkit package was updated to the version containing the fix, the systemtap generated kernel module can be removed by running:\n ~~~\n rmmod stap_pkexec_block\n ~~~\n\nThis mitigation doesn\u0027t work for Secure Boot enabled system as SystemTap would require an external compiling server to be able to sign the generated kernel module\nwith a key enrolled into the Kernel\u0027s keyring.",
"product_ids": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-release-virtualization-host-0:4.3.21-1.el7ev.x86_64",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-placeholder-0:4.3.21-1.el7ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-Hypervisor-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-0:4.3.21-20220126.0.el7_9.src",
"7Server-RHEV-4-HypervisorBuild-7:redhat-virtualization-host-image-update-0:4.3.21-20220126.0.el7_9.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-27T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector"
}
]
}
RHSA-2022_0540
Vulnerability from csaf_redhat - Published: 2022-02-15 11:01 - Updated: 2024-11-15 10:47Summary
Red Hat Security Advisory: Red Hat Virtualization Host security update [ovirt-4.4.10-1]
Severity
Important
Notes
Topic: An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Security Fix(es):
* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)
* kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)
* aide: heap-based buffer overflow on outputs larger than B64_BUF (CVE-2021-45417)
* kernel: fs_context: heap overflow in legacy parameter handling (CVE-2022-0185)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rebased wget package and its dependencies for the same version shipped with recent RHEL. (BZ#2030082)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.
5.5 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch | — |
Workaround
|
Threats
Impact
Important
A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACL.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src | — | ||
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src | — | ||
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64 | — | ||
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch | — |
Threats
Impact
Important
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
7.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
34 references
Acknowledgments
Qualys Research Labs
Virtuozzo Kernel team
Kirill Tkhai
willsroot@protonmail.com
William Liu
jamie@hill-daniel.co.uk
Jamie Hill-Daniel
isaac.badipe@gmail.com
Isaac Badipe
alecthechop@gmail.com
Alec Petridis
misetichrvoje@gmail.com
Hrvoje Mišetić
g@gnk.io
Philip Papurt
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nSecurity Fix(es):\n\n* polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)\n\n* kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)\n\n* aide: heap-based buffer overflow on outputs larger than B64_BUF (CVE-2021-45417)\n\n* kernel: fs_context: heap overflow in legacy parameter handling (CVE-2022-0185)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebased wget package and its dependencies for the same version shipped with recent RHEL. (BZ#2030082)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0540",
"url": "https://access.redhat.com/errata/RHSA-2022:0540"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "external",
"summary": "2030082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030082"
},
{
"category": "external",
"summary": "2034685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034685"
},
{
"category": "external",
"summary": "2034813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813"
},
{
"category": "external",
"summary": "2040358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040358"
},
{
"category": "external",
"summary": "2041489",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041489"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0540.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Virtualization Host security update [ovirt-4.4.10-1]",
"tracking": {
"current_release_date": "2024-11-15T10:47:20+00:00",
"generator": {
"date": "2024-11-15T10:47:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0540",
"initial_release_date": "2022-02-15T11:01:25+00:00",
"revision_history": [
{
"date": "2022-02-15T11:01:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-02-15T11:01:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T10:47:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product": {
"name": "Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
}
}
},
{
"category": "product_name",
"name": "RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product": {
"name": "RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "wget-0:1.19.5-10.el8.x86_64",
"product": {
"name": "wget-0:1.19.5-10.el8.x86_64",
"product_id": "wget-0:1.19.5-10.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/wget@1.19.5-10.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "wget-debugsource-0:1.19.5-10.el8.x86_64",
"product": {
"name": "wget-debugsource-0:1.19.5-10.el8.x86_64",
"product_id": "wget-debugsource-0:1.19.5-10.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/wget-debugsource@1.19.5-10.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "wget-debuginfo-0:1.19.5-10.el8.x86_64",
"product": {
"name": "wget-debuginfo-0:1.19.5-10.el8.x86_64",
"product_id": "wget-debuginfo-0:1.19.5-10.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/wget-debuginfo@1.19.5-10.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libmetalink-0:0.1.3-7.el8.x86_64",
"product": {
"name": "libmetalink-0:0.1.3-7.el8.x86_64",
"product_id": "libmetalink-0:0.1.3-7.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmetalink@0.1.3-7.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libmetalink-devel-0:0.1.3-7.el8.x86_64",
"product": {
"name": "libmetalink-devel-0:0.1.3-7.el8.x86_64",
"product_id": "libmetalink-devel-0:0.1.3-7.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmetalink-devel@0.1.3-7.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"product": {
"name": "libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"product_id": "libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmetalink-debugsource@0.1.3-7.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"product": {
"name": "libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"product_id": "libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmetalink-debuginfo@0.1.3-7.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"product": {
"name": "redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"product_id": "redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.4.10-1.el8ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"product": {
"name": "redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"product_id": "redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host-content@4.4.10-1.el8ev?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64",
"product": {
"name": "redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64",
"product_id": "redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.4.10-202202081536_8.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "wget-0:1.19.5-10.el8.src",
"product": {
"name": "wget-0:1.19.5-10.el8.src",
"product_id": "wget-0:1.19.5-10.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/wget@1.19.5-10.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "libmetalink-0:0.1.3-7.el8.src",
"product": {
"name": "libmetalink-0:0.1.3-7.el8.src",
"product_id": "libmetalink-0:0.1.3-7.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libmetalink@0.1.3-7.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"product": {
"name": "redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"product_id": "redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.4.10-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"product": {
"name": "redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"product_id": "redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host@4.4.10-202202081536_8.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch",
"product": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch",
"product_id": "redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.4.10-1.el8ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmetalink-0:0.1.3-7.el8.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src"
},
"product_reference": "libmetalink-0:0.1.3-7.el8.src",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmetalink-0:0.1.3-7.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64"
},
"product_reference": "libmetalink-0:0.1.3-7.el8.x86_64",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmetalink-debuginfo-0:0.1.3-7.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64"
},
"product_reference": "libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmetalink-debugsource-0:0.1.3-7.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64"
},
"product_reference": "libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmetalink-devel-0:0.1.3-7.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64"
},
"product_reference": "libmetalink-devel-0:0.1.3-7.el8.x86_64",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-0:4.4.10-202202081536_8.5.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src"
},
"product_reference": "redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
},
"product_reference": "redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wget-0:1.19.5-10.el8.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src"
},
"product_reference": "wget-0:1.19.5-10.el8.src",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wget-0:1.19.5-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64"
},
"product_reference": "wget-0:1.19.5-10.el8.x86_64",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wget-debuginfo-0:1.19.5-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64"
},
"product_reference": "wget-debuginfo-0:1.19.5-10.el8.x86_64",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wget-debugsource-0:1.19.5-10.el8.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
"product_id": "8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64"
},
"product_reference": "wget-debugsource-0:1.19.5-10.el8.x86_64",
"relates_to_product_reference": "8Base-RHV-Hypervisor-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.4.10-1.el8ev.src as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src"
},
"product_reference": "redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64 as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64"
},
"product_reference": "redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64 as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64"
},
"product_reference": "redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
"product_id": "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch"
},
"product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2021-4034",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-11-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src",
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2025869"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
],
"known_not_affected": [
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src",
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4034"
},
{
"category": "external",
"summary": "RHBZ#2025869",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"category": "external",
"summary": "RHSB-2022-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4034"
},
{
"category": "external",
"summary": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt",
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-01-25T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-02-15T11:01:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0540"
},
{
"category": "workaround",
"details": "For customers who cannot update immediately and doesn\u0027t have Secure Boot feature enabled, the issue can be mitigated by executing the following steps:\n\n1) Install required systemtap packages and dependencies as per - pointed by https://access.redhat.com/solutions/5441\n\n2) Install polkit debug info:\n ~~~\n debuginfo-install polkit\n ~~~\n\n3) Create the following systemtap script, and name it pkexec-block.stp:\n ~~~\n probe process(\"/usr/bin/pkexec\").function(\"main\") {\n if (cmdline_arg(1) == \"\")\n raise(9);\n}\n~~~\n\n4) Load the systemtap module into the running kernel:\n ~~~\n stap -g -F -m stap_pkexec_block pkexec_block.stp\n ~~~\n\n5) Ensure the module is loaded:\n ~~~\n lsmod | grep -i stap_pkexec_block\nstap_pkexec_block 434176 0\n~~~\n\n6) Once polkit package was updated to the version containing the fix, the systemtap generated kernel module can be removed by running:\n ~~~\n rmmod stap_pkexec_block\n ~~~\n\nThis mitigation doesn\u0027t work for Secure Boot enabled system as SystemTap would require an external compiling server to be able to sign the generated kernel module\nwith a key enrolled into the Kernel\u0027s keyring.",
"product_ids": [
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src",
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-27T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector"
},
{
"acknowledgments": [
{
"names": [
"Kirill Tkhai"
],
"organization": "Virtuozzo Kernel team"
}
],
"cve": "CVE-2021-4155",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2021-12-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src",
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034813"
}
],
"notes": [
{
"category": "description",
"text": "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
],
"known_not_affected": [
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src",
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4155"
},
{
"category": "external",
"summary": "RHBZ#2034813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4155"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79"
}
],
"release_date": "2022-01-10T06:36:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-02-15T11:01:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0540"
},
{
"category": "workaround",
"details": "This issue can be mitigated by ensuring xfs_alloc_file_space is not called with \"0\" as an argument.\n\nThis can be done with a SystemTap script (which resets \"0\" with XFS_BMAPI_PREALLOC), below are the steps:\n\n1) Save the following script in a \u0027CVE-2021-4155.stp\u0027 file\n\n--- On Red Hat Enterprise Linux 6 ---\nprobe module(\"xfs\").function(\"xfs_alloc_file_space\") {\n\tif ($alloc_type == 0)\n\t\t$alloc_type = 0x40;\t# XFS_BMAPI_PREALLOC\n}\n--- On Red Hat Enterprise Linux 6 ---\n\n--- On Red Hat Enterprise Linux 7 onwards ---\nprobe module(\"xfs\").function(\"xfs_alloc_file_space\") {\n\tif ($alloc_type == 0)\n\t\t$alloc_type = 0x8;\t# XFS_BMAPI_PREALLOC\n}\n--- On Red Hat Enterprise Linux 7 onwards ---\n\n2) Install systemtap package and its dependencies\n\n # yum install -y systemtap systemtap-runtime\n # yum install -y kernel-devel kernel-debuginfo\n\n3) Build the mitigation kernel module as root.\n\n # stap -r `uname -r` -m cve_2021_4155.ko -g CVE-2021-4155.stp -p4\n\n4) Load the mitigation module as root\n\n # staprun -L cve_2021_4155.ko\n\n\n\nWhat is SystemTap and how to use it?\nhttps://access.redhat.com/solutions/5441",
"product_ids": [
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src",
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL"
},
{
"cve": "CVE-2021-45417",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src",
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2041489"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (\u003c16k) extended file attributes or ACL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aide: heap-based buffer overflow on outputs larger than B64_BUF",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
],
"known_not_affected": [
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src",
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45417"
},
{
"category": "external",
"summary": "RHBZ#2041489",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041489"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45417",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45417"
}
],
"release_date": "2022-01-20T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-02-15T11:01:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "aide: heap-based buffer overflow on outputs larger than B64_BUF"
},
{
"acknowledgments": [
{
"names": [
"William Liu"
],
"organization": "willsroot@protonmail.com"
},
{
"names": [
"Jamie Hill-Daniel"
],
"organization": "jamie@hill-daniel.co.uk"
},
{
"names": [
"Isaac Badipe"
],
"organization": "isaac.badipe@gmail.com"
},
{
"names": [
"Alec Petridis"
],
"organization": "alecthechop@gmail.com"
},
{
"names": [
"Hrvoje Mi\u0161eti\u0107"
],
"organization": "misetichrvoje@gmail.com"
},
{
"names": [
"Philip Papurt"
],
"organization": "g@gnk.io"
}
],
"cve": "CVE-2022-0185",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2022-01-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src",
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2040358"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: fs_context: heap overflow in legacy parameter handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 8.4 GA onwards. Previous Red Hat Enterprise Linux versions are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
],
"known_not_affected": [
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src",
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0185"
},
{
"category": "external",
"summary": "RHBZ#2040358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0185"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2"
},
{
"category": "external",
"summary": "https://github.com/Crusaders-of-Rust/CVE-2022-0185",
"url": "https://github.com/Crusaders-of-Rust/CVE-2022-0185"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2022/01/18/7",
"url": "https://www.openwall.com/lists/oss-security/2022/01/18/7"
},
{
"category": "external",
"summary": "https://www.willsroot.io/2022/01/cve-2022-0185.html",
"url": "https://www.willsroot.io/2022/01/cve-2022-0185.html"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-01-18T18:41:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-02-15T11:01:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0540"
},
{
"category": "workaround",
"details": "On non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.",
"product_ids": [
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.src",
"8Base-RHV-Hypervisor-4:libmetalink-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debuginfo-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-debugsource-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:libmetalink-devel-0:0.1.3-7.el8.x86_64",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.src",
"8Base-RHV-Hypervisor-4:wget-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debuginfo-0:1.19.5-10.el8.x86_64",
"8Base-RHV-Hypervisor-4:wget-debugsource-0:1.19.5-10.el8.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.src",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.4.10-1.el8ev.x86_64",
"8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.4.10-1.el8ev.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.4.10-202202081536_8.5.src",
"8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.4.10-202202081536_8.5.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2024-08-21T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: fs_context: heap overflow in legacy parameter handling"
}
]
}
SCA-2022-0002
Vulnerability from csaf_sick - Published: 2022-02-23 16:00 - Updated: 2022-02-23 16:00Summary
PwnKit vulnerability affects multiple SICK IPCs
Notes
CVE-2021-4034 is a Local Privilege Escalation (LPE) vulnerability, located in the "Polkit" package
installed by default on almost every major distribution of the Linux operating system.
On 2022-01-25, Qualys released an advisory for this LPE vulnerability, advising to either update the “Polkit” package or implement the mitigation that Qualys recommends.
In an air-gapped system SICK recommends all customers to implement at least the available mitigation for the corresponding Linux distribution. Please note, that this vulnerability can be exploited only if an user with unprivileged authorization can establish a connection to the systems.
General Security Measures: As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification: SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
7.8 (High)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-0021 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0022 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0023 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0024 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0025 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0026 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0027 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0028 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0029 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0030 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0031 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0032 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0033 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0034 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0035 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0036 | — |
Vendor Fix
Mitigation
fix
|
|
| Unresolved product id: CSAFPID-0037 | — |
Vendor Fix
Mitigation
fix
|
References
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"audience": "all",
"category": "summary",
"text": "CVE-2021-4034 is a Local Privilege Escalation (LPE) vulnerability, located in the \"Polkit\" package \ninstalled by default on almost every major distribution of the Linux operating system.\n\nOn 2022-01-25, Qualys released an advisory for this LPE vulnerability, advising to either update the \u201cPolkit\u201d package or implement the mitigation that Qualys recommends.\n\nIn an air-gapped system SICK recommends all customers to implement at least the available mitigation for the corresponding Linux distribution. Please note, that this vulnerability can be exploited only if an user with unprivileged authorization can establish a connection to the systems. "
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "http://ics-cert.us-cert.gov/content/recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2022/sca-2022-0002.json"
}
],
"title": "PwnKit vulnerability affects multiple SICK IPCs",
"tracking": {
"current_release_date": "2022-02-23T16:00:00.000Z",
"generator": {
"date": "2023-02-10T09:01:25.481Z",
"engine": {
"name": "Secvisogram",
"version": "2.0.0"
}
},
"id": "SCA-2022-0002",
"initial_release_date": "2022-02-23T16:00:00.000Z",
"revision_history": [
{
"date": "2022-02-23T16:00:00.000Z",
"number": "1",
"summary": "Initial release"
},
{
"date": "2023-02-10T11:00:00.000Z",
"number": "2",
"summary": "Updated Advisory (only visual changes)"
},
{
"date": "2025-07-30T07:29:45.000Z",
"number": "3",
"summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE5401, M16G, 1TB, LINUX, CUSTOM all versions",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"skus": [
"1111424"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE5401, M16G, 1TB, LINUX, CUSTOM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE5401, M16G, 2TB, C7 all versions",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"skus": [
"1099249"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE5401, M16G, 2TB, C7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE5401, M16G, 1TB, C7 all versions",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"skus": [
"1099248"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE5401, M16G, 1TB, C7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, EOS1300, M16G, 1TB, C7 all versions",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"skus": [
"1092516"
]
}
}
}
],
"category": "product_name",
"name": "PC, EOS1300, M16G, 1TB, C7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, EOS1300, M16G, 2TB, C7 all versions",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"skus": [
"1092517"
]
}
}
}
],
"category": "product_name",
"name": "PC, EOS1300, M16G, 2TB, C7"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5401, SSCT, R0, 2TB all versions",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"skus": [
"2084896",
"2098056"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5401, SSCT, R0, 2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5401,R0,2TB,SS-X all versions",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"skus": [
"2095232"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5401,R0,2TB,SS-X"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5401,R0,2TB,UDS-X all versions",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"skus": [
"2104564"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5401,R0,2TB,UDS-X"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5321, SSXT, R0, 2TB all versions",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"skus": [
"2084076"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5321, SSXT, R0, 2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5321, SSAT, R0, 2TB all versions",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"skus": [
"2084077"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5321, SSAT, R0, 2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5321, UDS, R0, 2TB all versions",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"skus": [
"2084078"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5321, UDS, R0, 2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5401, SSAT, R0, 2TB all versions",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"skus": [
"2084897"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5401, SSAT, R0, 2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5401, UDS, R0, 2TB all versions",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"skus": [
"2084898"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5401, UDS, R0, 2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, MXE-5401, SP, R0,2TB all versions",
"product_id": "CSAFPID-0014",
"product_identification_helper": {
"skus": [
"2099100"
]
}
}
}
],
"category": "product_name",
"name": "PC, MXE-5401, SP, R0,2TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC-MXE 5401, CUSTOM, C6, 1TB all versions",
"product_id": "CSAFPID-0015",
"product_identification_helper": {
"skus": [
"2056761"
]
}
}
}
],
"category": "product_name",
"name": "PC-MXE 5401, CUSTOM, C6, 1TB"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK ERGO,DISP,KIT,C6X,CUSTOM all versions",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"skus": [
"2087772"
]
}
}
}
],
"category": "product_name",
"name": "ERGO,DISP,KIT,C6X,CUSTOM"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK PC, K700-SE-MS4X, M16G, 1TB all versions",
"product_id": "CSAFPID-0017",
"product_identification_helper": {
"skus": [
"1122338"
]
}
}
}
],
"category": "product_name",
"name": "PC, K700-SE-MS4X, M16G, 1TB"
}
],
"category": "vendor",
"name": "SICK AG"
}
],
"full_product_names": [
{
"name": "CentOS",
"product_id": "CSAFPID-0018"
},
{
"name": "RedHat",
"product_id": "CSAFPID-0019"
},
{
"name": "Ubuntu",
"product_id": "CSAFPID-0020"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE5401, M16G, 1TB, LINUX, CUSTOM all versions (CentOS)",
"product_id": "CSAFPID-0021"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE5401, M16G, 2TB, C7 all versions (CentOS)",
"product_id": "CSAFPID-0022"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE5401, M16G, 1TB, C7 all versions (CentOS)",
"product_id": "CSAFPID-0023"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, EOS1300, M16G, 1TB, C7 all versions (CentOS)",
"product_id": "CSAFPID-0024"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, EOS1300, M16G, 2TB, C7 all versions (CentOS)",
"product_id": "CSAFPID-0025"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5401,R0,2TB,SS-X all versions (RedHat)",
"product_id": "CSAFPID-0026"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5401,R0,2TB,UDS-X all versions (RedHat)",
"product_id": "CSAFPID-0027"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5321, SSXT, R0, 2TB all versions (RedHat)",
"product_id": "CSAFPID-0028"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5321, SSAT, R0, 2TB all versions (RedHat)",
"product_id": "CSAFPID-0029"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5321, UDS, R0, 2TB all versions (RedHat)",
"product_id": "CSAFPID-0030"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5401, SSAT, R0, 2TB all versions (RedHat)",
"product_id": "CSAFPID-0031"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5401, UDS, R0, 2TB all versions (RedHat)",
"product_id": "CSAFPID-0032"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5401, SSCT, R0, 2TB all versions (RedHat)",
"product_id": "CSAFPID-0033"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, MXE-5401, SP, R0,2TB all versions (RedHat)",
"product_id": "CSAFPID-0034"
},
"product_reference": "CSAFPID-0019",
"relates_to_product_reference": "CSAFPID-0014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC-MXE 5401, CUSTOM, C6, 1TB all versions (CentOS)",
"product_id": "CSAFPID-0035"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK ERGO,DISP,KIT,C6X,CUSTOM all versions (CentOS)",
"product_id": "CSAFPID-0036"
},
"product_reference": "CSAFPID-0018",
"relates_to_product_reference": "CSAFPID-0016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK PC, K700-SE-MS4X, M16G, 1TB all versions (Ubuntu)",
"product_id": "CSAFPID-0037"
},
"product_reference": "CSAFPID-0020",
"relates_to_product_reference": "CSAFPID-0017"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4034",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-01-31T16:00:00.000Z",
"notes": [
{
"category": "description",
"text": "The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to \nexecute environment variables as commands. An attacker can leverage this by crafting environment \nvariables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the \nattack can cause a local privilege escalation given unprivileged users administrative rights on the \ntarget machine."
}
],
"product_status": {
"fixed": [
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037"
]
},
"references": [
{
"summary": "Qualys Advisory",
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-02-23T16:00:00.000Z",
"details": "Update to newest version",
"product_ids": [
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037"
]
},
{
"category": "mitigation",
"details": "- In case your SICK IPC for Analytics has been set up normally, without a \u201ckiosk\u201d mode:\n\n - Log in as the \\\u003croot\\\u003e user (credentials will be supplied separately).\n\n - Start the \\\u003cterminal\\\u003e app.\n\n - At the command prompt, enter the following command: \\\u003cchmod 0755 /usr/bin/pkexec\\\u003e\n\n - Log out from \\\u003croot\\\u003e\n\n- In case your SICK IPC for Analytics has been set up in \u201ckiosk\u201d mode:\n\n Note: In this below example, the OS is assumed to be CentOS 6.8 running a Gnome 2.28.2 GUI with SICK Package Analytics pre-installed and running on Kiosk mode.\n\n - These instructions start from the default kiosk-mode display of Package analytics.\n \n - Press \\\u003cCTRL+F4\\\u003e on the keyboard. This will bring up the desktop for the \\\u003cguest\\\u003e user.\n\n - Select the green \u201crunning man\u201d icon in the upper right.\n\n - Select \\\u003cLog Out\\\u003e in the dialog box.\n\n - In the ensuing dialog, press \\\u003cCancel\\\u003e. It\u2019s on a timer, so this step has to be done quickly.\n\n - This brings up a display that allows the user to log in to other accounts. Select \\\u003cother\\\u003e.\n\n - Enter \\\u003croot\\\u003e as the username.\n\n - Enter the root password. Note this will be provided in a separate email.\n\n - This brings up the root desktop. Click on the black terminal icon at the top of the display to bring up the command line prompt.\n\n - At the command line, enter the following command: \\\u003cchmod 0755 /usr/bin/pkexec\\\u003e\n\n - Click on the \\\u003cx\\\u003e in the upper right to close the terminal window.\n\n - As before click on the \u201crunning man\u201d icon at the top of the display to bring up the logout screen.\n \n - Select \\\u003cLog Out\\\u003e in the ensuing dialogue.\n\nThis completes the process. The system will automatically back in as the guest kiosk user.",
"product_ids": [
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001#mitigation"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024",
"CSAFPID-0025",
"CSAFPID-0026",
"CSAFPID-0027",
"CSAFPID-0028",
"CSAFPID-0029",
"CSAFPID-0030",
"CSAFPID-0031",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0034",
"CSAFPID-0035",
"CSAFPID-0036",
"CSAFPID-0037"
]
}
],
"title": "CVE-2021-4034 Out-of-bounds Write"
}
]
}
SSA-330556
Vulnerability from csaf_siemens - Published: 2022-06-14 00:00 - Updated: 2022-06-14 00:00Summary
SSA-330556: PwnKit Vulnerability in SCALANCE LPE9403 and SINUMERIK Edge Products (CVE-2021-4034)
Notes
Summary: The products listed below contain a local privilege escalation vulnerability (CVE-2021-4034) found on polkit's pkexec utility, that could allow an unprivileged user to gain administrative rights.
Siemens has released updates for the affected products and recommends to update to the latest versions.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
CWE-787
- Out-of-bounds Write
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SCALANCE LPE9403
Siemens / SCALANCE LPE9403
|
6GK5998-3GS00-2AC2
|
< V2.0 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
SINUMERIK Edge
Siemens / SINUMERIK Edge
|
< V3.3.0 |
Vendor Fix
Mitigation
Mitigation
|
References
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "The products listed below contain a local privilege escalation vulnerability (CVE-2021-4034) found on polkit\u0027s pkexec utility, that could allow an unprivileged user to gain administrative rights.\n\nSiemens has released updates for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-330556: PwnKit Vulnerability in SCALANCE LPE9403 and SINUMERIK Edge Products (CVE-2021-4034) - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"category": "self",
"summary": "SSA-330556: PwnKit Vulnerability in SCALANCE LPE9403 and SINUMERIK Edge Products (CVE-2021-4034) - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-330556.txt"
},
{
"category": "self",
"summary": "SSA-330556: PwnKit Vulnerability in SCALANCE LPE9403 and SINUMERIK Edge Products (CVE-2021-4034) - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-330556.json"
}
],
"title": "SSA-330556: PwnKit Vulnerability in SCALANCE LPE9403 and SINUMERIK Edge Products (CVE-2021-4034)",
"tracking": {
"current_release_date": "2022-06-14T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-330556",
"initial_release_date": "2022-06-14T00:00:00Z",
"revision_history": [
{
"date": "2022-06-14T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V2.0",
"product": {
"name": "SCALANCE LPE9403",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"6GK5998-3GS00-2AC2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE LPE9403"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V3.3.0",
"product": {
"name": "SINUMERIK Edge",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SINUMERIK Edge"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4034",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"references": [
{
"summary": "CVE-2021-4034 - SCALANCE LPE9403",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"summary": "CVE-2021-4034 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-4034.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.0 or later version",
"product_ids": [
"1"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811123/"
},
{
"category": "vendor_fix",
"details": "Update to V3.3.0 or later version",
"product_ids": [
"2"
]
},
{
"category": "mitigation",
"details": "Restrict system access to authorized personnel and follow a least privilege approach",
"product_ids": [
"1",
"2"
]
},
{
"category": "mitigation",
"details": "Temporary mitigation exists at the expense of pkexec\u2019s capabilities. By removing SUID permissions, the program cannot run processes as root. However, any processes that rely on it for normal operation will be affected\n\n- SUID permission can be removed with chmod, as follows: chmod 0755 /usr/bin/pkexec",
"product_ids": [
"1",
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-4034"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…