What Is the CVE-2021-4034 Polkit Privilege Escalation Vulnerability?
Here's everything you need to know about the CVE-2021-4034 Polkit privilege escalation vulnerability in the Linux kernel.
Linux is widely known as a highly secure operating system. However, like any other system software, it too can fall prey to loopholes and exploits, the worst of which are privilege escalation vulnerabilities that allow an adversary to elevate their permissions and potentially take over an entire organization.
Polkit CVE-2021-4034 is a critical privilege escalation vulnerability that has gone unnoticed for over 12 years and affects all major Linux distributions. It is so devastating that a criticality rating of 8 was issued to the vulnerability. So, what exactly is Polkit CVE-2021-4034, and how can you fix it?
Polkit privilege escalation vulnerability weaponizes pkexec, an executable part of the PolicyKit component of Linux. pkexec is an executable that allows a user to execute commands as another user. The pkexec source code had loopholes that anyone could exploit to gain maximum privileges on a Linux system, i.e., become the root user. This bug has been termed "Pwnkit" and is being tracked as CVE-2021-4034.