Local privilege escalation vulnerability in Linux

Published: 2021-06-11
CVE-2021-3560

“A flaw was found in polkit. When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process.” The error is not handled correctly and the request is granted access.

As this vulnerability is very easy to exploit patching should be done as soon as possible.

Internally this is being tracked in BF-VLN-2292713 with the highest priority.