Linux Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

Incident Report for Ekco UK

Resolved

This incident has been resolved.
Posted Mar 07, 2022 - 17:45 GMT

Identified

Solution has been identified and we have contacted customers.
If you have not not been contacted and need assistance with this, please contact us via: support@ek.co
Posted Jan 28, 2022 - 10:03 GMT

Investigating

We are currently investigating a Linux vulnerability (CVE-2021-4034). Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).
Posted Jan 27, 2022 - 10:14 GMT
This incident affected: Cloud (Compute).