Security
Security
A vulnerability in polkit could lead to local root privilege escalation.
| Package | sys-auth/polkit on all architectures |
|---|---|
| Affected versions | < 0.120-r2 |
| Unaffected versions | >= 0.120-r2 |
polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged process.
Flawed input validation of arguments was discovered in the 'pkexec' program's main() function.
A local attacker could achieve root privilege escalation.
Run the following command as root: # chmod 0755 /usr/bin/pkexec
Upgrade Polkit to a patched version.
# emerge --sync # emerge --ask --verbose ">=sys-auth/polkit-0.120-r2"
Release date
January 27, 2022
Latest revision
January 27, 2022: 1
Severity
high
Exploitable
local
Bugzilla entries