Qualys Research Team Warns of Significant polkit Vulnerability Affecting All Linux Users
The Qualys Research Team reached out to LinuxSecurity after discovering a memory corruption vulnerability in polkit’s pkexec. Pkexec is a SUID-root program that is installed by default on every major Linux distribution of the open-source operating system. This vulnerability is easily exploited and gives hackers the opportunity to gain full root privileges on a vulnerable host. Much like the Log4j vulnerability, the severity of this flaw is high and it is imperative that vulnerabilities are reported in a timely fashion. Experts also expressed that due to the simple possibility for exploitation the vulnerability needs to be patched and mitigated immediately.