Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. This polkit local privilege escalation bug (tracked as CVE-2021-3560) was publicly disclosed, and a fix was released on June 3, 2021.

The bug was introduced seven years ago in polkit version 0.113 and was only recently discovered by GitHub Security Lab security researcher Kevin Backhouse.

Even though many Linux distributions haven't shipped with the vulnerable polkit version until recently, any Linux system shipping with polkit 0.113 or later installed is exposed to attacks.