IRONSMITHINTEL

Severity: High (CVSS 7.8) | Actively Exploited | CISA KEV | CVE-2021-3560 | Auth: low (authenticated user) | Reboot: required | Manual only

Red Hat Polkit Incorrect Authorization Vulnerability

Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.

Published Feb 16, 2022 · Updated May 16, 2026
Why patch: risk explained in plain English

Worst-case scenario (if unpatched)

A local attacker, with a low-privilege account, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2023-06-02 under CISA BOD 22-01.

How the attack works (no clicks needed)

This is an Incorrect Authorization (CWE-863) vulnerability in Red Hat Polkit. It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Exploitation requires local access, low attack complexity and a low-privilege authenticated account, with no user interaction.

Am I affected? Quick check

Probably yes if any of these apply:

Running polkit versions earlier than 0.119, or one of these products: Debian Linux 11.0; Ubuntu Linux 20.04; Virtualization 4.0; Virtualization Host 4.0; OpenShift Container Platform 4.7

Real-world incidents: what we've seen

Active exploitation documented in the wild. Threat-research write-up: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

How to patch

Manual remediation steps

Apply the Vendor Patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.

CISA required action: Apply updates per vendor instructions.

References

Vendor advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1961710
NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-3560
CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560

PowerShell automation: coming soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.