CVE-2026-4897
EUVD-2026-16214
26.03.2026, 15:16
A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| freedesktop | polkit | - |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
𝑥 = Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
| openSUSE Product |
|---|
| libpolkit-agent-1-0-121 |
| libpolkit-gobject-1-0-121 |
| libpolkit0 |
| pkexec-121 |
| polkit |
| polkit-121 |
| polkit-devel |
| polkit-devel-121 |
| typelib-1_0-Polkit-1_0 |
| typelib-1_0-Polkit-1_0-121 |