System Service Privilege Escalation Vulnerability in Major Linux Distributions (Exploit in the Wild)

A vulnerability in Polkit's pkexec component, identified as CVE-2021-4034 (PwnKit), is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on a system, researchers warned today.

CVE-2021-4034 is named PwnKit and traces its origins back to the initial commit of pkexec more than 12 years ago, meaning that all Polkit versions are affected.

As part of the Polkit open source application framework, which negotiates interactions between privileged and unprivileged processes, pkexec allows authorized users to execute commands as another user, as an alternative to sudo.
