Linux Policy Kit Elevation of Privilege Vulnerability
Release Date:
27 Jan 2022
6302
Views
RISK: Medium Risk
TYPE: Operating Systems - Linux
A vulnerability was identified in Linux Policy Kit. Local attacker could exploit the vulnerability to trigger elevation of privilege on the targeted system.
Note:
CVE-2021-4034 is being exploited in the wild.
Impact
- Elevation of Privilege
System / Technologies affected
For Suse:
- SUSE MicroOS 5.0 and 5.1
- SUSE Manager Server 4.1
- SUSE Manager Retail Branch Server 4.1
- SUSE Manager Proxy 4.1
- SUSE Linux Enterprise Server for SAP 15-SP2
- SUSE Linux Enterprise Server 15-SP2-LTSS
- SUSE Linux Enterprise Server 15-SP2-BCL
- SUSE Linux Enterprise Module for Basesystem 15-SP3
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
- SUSE Enterprise Storage 7
- SUSE Linux Enterprise Server for SAP 15 and 15-SP1
- SUSE Linux Enterprise Server 15-SP1-LTSS
- SUSE Linux Enterprise Server 15-SP1-BCL
- SUSE Linux Enterprise Server 15-LTSS
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
- SUSE Linux Enterprise High Performance Computing 15-LTSS
- SUSE Linux Enterprise High Performance Computing 15-ESPOS
- SUSE Enterprise Storage 6
- SUSE CaaS Platform 4.0
- SUSE OpenStack Cloud Crowbar 8 and 9
- SUSE OpenStack Cloud 8 and 9
- SUSE Linux Enterprise Workstation Extension 12-SP5
- SUSE Linux Enterprise Software Development Kit 12-SP5
- SUSE Linux Enterprise Server for SAP 12-SP3 and 12-SP4
- SUSE Linux Enterprise Server 12-SP5
- SUSE Linux Enterprise Server 12-SP4-LTSS
- SUSE Linux Enterprise Server 12-SP3-LTSS
- SUSE Linux Enterprise Server 12-SP3-BCL
- SUSE Linux Enterprise Server 12-SP2-BCL
- HPE Helion Openstack 8
For Ubuntu
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
For RedHat
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux Server - AUS 7.3 x86_64
- Red Hat Enterprise Linux Server - AUS 7.4 x86_64
- Red Hat Enterprise Linux Server - AUS 7.6 x86_64
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - TUS 7.6 x86_64
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
Solutions
Before installation of the software, please visit the vendor web-site for more details.
For Suse:
- Apply fixes issued by the vendor:
For Ubuntu:
- Apply fixes issued by the vendor:
For RedHat:
- Apply fixes issued by the vendor:
- https://access.redhat.com/errata/RHSA-2022:0265
- https://access.redhat.com/errata/RHSA-2022:0266
- https://access.redhat.com/errata/RHSA-2022:0267
- https://access.redhat.com/errata/RHSA-2022:0268
- https://access.redhat.com/errata/RHSA-2022:0269
- https://access.redhat.com/errata/RHSA-2022:0270
- https://access.redhat.com/errata/RHSA-2022:0271
- https://access.redhat.com/errata/RHSA-2022:0272
- https://access.redhat.com/errata/RHSA-2022:0273
- https://access.redhat.com/errata/RHSA-2022:0274
Vulnerability Identifier
Source
Related Link
- https://www.suse.com/support/update/announcement/2022/suse-su-20220189-1/
- https://www.suse.com/support/update/announcement/2022/suse-su-20220190-1/
- https://www.suse.com/support/update/announcement/2022/suse-su-20220191-1/
- https://ubuntu.com/security/notices/USN-5252-1
- https://ubuntu.com/security/notices/USN-5252-2
- https://access.redhat.com/errata/RHSA-2022:0265
- https://access.redhat.com/errata/RHSA-2022:0266
- https://access.redhat.com/errata/RHSA-2022:0267
- https://access.redhat.com/errata/RHSA-2022:0268
- https://access.redhat.com/errata/RHSA-2022:0269
- https://access.redhat.com/errata/RHSA-2022:0270
- https://access.redhat.com/errata/RHSA-2022:0271
- https://access.redhat.com/errata/RHSA-2022:0272
- https://access.redhat.com/errata/RHSA-2022:0273
- https://access.redhat.com/errata/RHSA-2022:0274
- https://www.auscert.org.au/bulletins/ESB-2022.0359
- https://www.auscert.org.au/bulletins/ESB-2022.0360
- https://www.auscert.org.au/bulletins/ESB-2022.0352
Share with