On January 26, 2022, Linux issued a risk notice for pkexec. The vulnerability is tracked as CVE-2021-4034 and is rated high risk, with a CVSS score of 7.8. A PoC for this vulnerability has already been made public.
The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. pkexec is installed by default on all major Linux distributions, such as Ubuntu, Debian, Fedora, and CentOS, and other distributions are probably also exploitable. Any unprivileged local user can exploit this vulnerability to obtain full root privileges.
A local privilege escalation vulnerability exists in polkit's pkexec utility. The current version of pkexec does not handle the count of calling parameters correctly and ends up trying to execute environment variables as commands. An attacker can exploit this by manipulating environment variables to induce pkexec to execute arbitrary code. Successful exploitation leads to local privilege escalation: an unprivileged user gains administrator rights.
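The argument-count mistake described above, reduced to an added C illustration (not pkexec's source and not part of the original notice): an argument scan that assumes `argv[0]` exists, beside a checked form that rejects an empty argument vector. The function names and the sample arrays are hypothetical; the arrays are constructed to model the process-start layout in which the environment pointers directly follow the NULL that terminates `argv`.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample layouts. At process start the environment pointers sit
 * directly after the NULL that terminates argv, so one array models both. */
static const char *const empty_argv[] = {
    NULL,                /* argv[0]: terminator only, so argc == 0 */
    "EXAMPLE_VAR=value", /* envp[0], which is also "argv[1]" */
    NULL                 /* envp terminator */
};
static const char *const normal_argv[] = {
    "tool", "id", NULL,  /* argc == 2 */
    "EXAMPLE_VAR=value", NULL
};

/* Unsafe pattern: assumes argv[0] exists and starts scanning at index 1. */
const char *program_unsafe(int argc, const char *const argv[]) {
    int n;
    for (n = 1; n < argc; n++) {
        if (argv[n][0] != '-') break;  /* first non-option is the program */
    }
    return argv[n];  /* argc == 0 leaves n == 1: past the argv terminator */
}

/* Hardened pattern: reject an empty argument vector, never index past argc. */
const char *program_checked(int argc, const char *const argv[]) {
    int n;
    if (argc < 1 || argv == NULL || argv[0] == NULL) return NULL;
    for (n = 1; n < argc; n++) {
        if (argv[n][0] != '-') return argv[n];
    }
    return NULL;  /* no program named on the command line */
}

int main(void) {
    const char *u = program_unsafe(0, empty_argv);
    const char *c = program_checked(0, empty_argv);
    printf("unsafe,  argc=0: %s\n", u ? u : "(none)");
    printf("checked, argc=0: %s\n", c ? c : "(none)");
    printf("checked, argc=2: %s\n", program_checked(2, normal_argv));
    return 0;
}
```

With an empty argument vector the unsafe scan returns the environment string as if it were the program name, while the checked form returns nothing and the caller can exit.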
Various Linux distributions have now officially issued security patches. Users are advised to upgrade to a patched version as soon as possible, or to follow the official instructions for mitigation. CentOS, Ubuntu, and Debian users can refer to the following links: