polkit

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Application development toolkit for controlling system-wide privileges
Version 125-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2654 0.120-3 0.120-5 High Fixed
AVG-2028 0.118-1 0.119-1 Medium Fixed
AVG-897 0.115+24+g5230646-1 0.116-1 High Fixed FS#61751
AVG-828 0.115+3+g8638ec5-1 0.115+24+g5230646-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-4115 AVG-2654 Medium No Denial of service
There is a file descriptor leak in polkit, which can enable an unprivileged user to cause polkit to crash, due to file descriptor exhaustion.
CVE-2021-4034 AVG-2654 High No Privilege escalation
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged...
CVE-2021-3560 AVG-2028 Medium No Privilege escalation
A security issue was found in polkit before version 0.119. When a requesting process disconnects from dbus-daemon just before the call to...
CVE-2019-6133 AVG-897 High No Authentication bypass
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions...
CVE-2018-19788 AVG-828 High No Privilege escalation
A security issue has been found in polkit <= 0.115, where an unprivileged user with a UID > INT_MAX can successfully execute any systemctl command.

Advisories

Date Advisory Group Severity Type
04 Apr 2022 ASA-202204-2 AVG-2654 High multiple issues
09 Jun 2021 ASA-202106-24 AVG-2028 Medium privilege escalation
08 Jan 2019 ASA-201901-2 AVG-828 High privilege escalation