CVE-2021-4115
21.02.2022, 22:15
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawnedEnginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| polkit_project | polkit | 0.117 |
| redhat | enterprise_linux | 8.0 |
| canonical | ubuntu_linux | 20.04 |
| canonical | ubuntu_linux | 21.10 |
| debian | debian_linux | 11.0 |
| oracle | zfs_storage_appliance_kit | 8.8 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libpolkit-agent-1-0-121 |
| ||||||||||||||||||||
| libpolkit-gobject-1-0-121 |
| ||||||||||||||||||||
| libpolkit0 |
| ||||||||||||||||||||
| pkexec-121 |
| ||||||||||||||||||||
| polkit |
| ||||||||||||||||||||
| polkit-121 |
| ||||||||||||||||||||
| polkit-devel |
| ||||||||||||||||||||
| polkit-devel-121 |
| ||||||||||||||||||||
| typelib-1_0-Polkit-1_0 |
| ||||||||||||||||||||
| typelib-1_0-Polkit-1_0-121 |
|
Red Hat Enterprise Linux Releases
References