Polkit: Local privilege escalation — GLSA 202201-01

A vulnerability in polkit could lead to local root privilege escalation.

Affected packages

sys-auth/polkit on all architectures
Affected versions < 0.120-r2
Unaffected versions >= 0.120-r2

Background

polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged processes.

Description

Flawed input validation of arguments was discovered in the 'pkexec' program's main() function.

Impact

A local attacker could achieve root privilege escalation.

Workaround

Run the following command as root:

			# chmod 0755 /usr/bin/pkexec

Resolution

Upgrade Polkit to a patched version.

			# emerge --sync
			# emerge --ask --verbose ">=sys-auth/polkit-0.120-r2"
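
To confirm which state a host is in after the workaround or the upgrade, the following check is added here as an example and is not part of the advisory. It relies on the fact that `chmod 0755` clears the setuid bit on pkexec; the function names are hypothetical, the installed version string is supplied by the caller, and the version comparison only handles dotted numeric versions with an optional `-rN` revision.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.
# FIXED_VERSION is the first unaffected version listed in the advisory.
FIXED_VERSION="0.120-r2"

# Return 0 if version $1 is older than $2. Simplified comparison: dotted
# numeric components plus an optional Gentoo "-rN" revision, no _rc/_p suffixes.
version_lt() {
    va=${1%%-r*}; vb=${2%%-r*}; ra=0; rb=0
    case $1 in *-r*) ra=${1##*-r} ;; esac
    case $2 in *-r*) rb=${2##*-r} ;; esac
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*}; y=${vb%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        # Drop the component just compared.
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    [ "$ra" -lt "$rb" ]
}

# Classify a host from its installed polkit version ($1) and the pkexec
# binary path ($2, defaults to the path named in the workaround).
pkexec_status() {
    bin=${2:-/usr/bin/pkexec}
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "patched"
    elif [ ! -e "$bin" ]; then
        echo "pkexec-absent"
    elif [ -u "$bin" ]; then
        echo "affected"            # old version and still setuid
    else
        echo "workaround-applied"  # old version, setuid bit cleared
    fi
}
```

Call it as `pkexec_status <installed-version>`, for example `pkexec_status 0.120-r1`, on the host being checked.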
		

Release date
January 27, 2022

Latest revision
January 27, 2022: 1

Severity
high

Exploitable
local
