Polkit’s pkexec (PwnKit) Local Privilege Escalation Vulnerability – CVE-2021-4034
- Accops
- January 28, 2022
- 5:02 am

On Jan 25th 2022, a critical vulnerability nicknamed “PwnKit” and tracked as CVE-2021-4034 was publicly disclosed.
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).
PwnKit is a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host in its default configuration.
The vulnerability is labelled PwnKit (CVE-2021-4034: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec), and successful exploitation allows any unprivileged local user to gain root privileges on the vulnerable host.
Affected Products
Product Name | Affected Version |
Accops HySecure Gateway | All Versions |
Accops HyID | All Versions |
Accops Reporting Server | All Versions |
Linux Shared Hosted Desktop with Ubuntu OS | All Versions |
Linux Shared Hosted Desktop with CentOS OS | All Versions |
Accops HyDesk devices (with Ubuntu based OS) | All Versions |
Accops has released an Advisory (ASA-2022-0102), where fixes for products affected by this vulnerability have been provided: https://support.accops.com/en/support/solutions/articles/12000085471
If you are running Linux-based VDI, we recommend updating your Linux gold master image and other cloned Linux VMs by installing the latest OS patches, which deliver the updated polkit package from the distribution's upgrade site.
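A read-only check to run on a gold master image or cloned VM before and after patching, given here as an added example (not Accops or polkit project code): it reports whether pkexec is present and setuid-root and which polkit package version is installed, so that version can be compared against the fixed release named in your distribution's advisory. It assumes the stock package names policykit-1 (Ubuntu) and polkit (CentOS) and the usual /usr/bin/pkexec path; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit a host for pkexec exposure. Changes nothing on the system.

# Classify a path: absent | not-setuid | setuid-root | setuid-other
pkexec_state() {
    p=$1
    [ -f "$p" ] || { echo absent; return 0; }
    [ -u "$p" ] || { echo not-setuid; return 0; }
    # A numeric argument to find -user matches on UID, so 0 means root.
    if [ -n "$(find "$p" -user 0 -perm -4000 2>/dev/null)" ]; then
        echo setuid-root
    else
        echo setuid-other
    fi
}

# Print the installed polkit package version, or "unknown" if no
# supported package manager reports one.
polkit_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        # Ubuntu ships polkit as the policykit-1 package (assumed stock name).
        v=$(dpkg-query -W -f='${Version}' policykit-1 2>/dev/null || true)
        if [ -n "$v" ]; then echo "$v"; return 0; fi
    fi
    if command -v rpm >/dev/null 2>&1; then
        # CentOS ships it as the polkit package (assumed stock name).
        if v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' polkit 2>/dev/null); then
            echo "$v"; return 0
        fi
    fi
    echo unknown
}

# One summary line per host, suitable for collecting across a VM fleet.
audit_pkexec() {
    # Fall back to the usual install location when pkexec is not on PATH.
    path=$(command -v pkexec 2>/dev/null || echo /usr/bin/pkexec)
    echo "host=$(uname -n) pkexec=$path state=$(pkexec_state "$path")" \
         "polkit_version=$(polkit_version)"
}

audit_pkexec
```

A host that reports `state=setuid-root` with a polkit version older than the distribution's fixed release still needs the update described above.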
For more help, please write to: support@accops.com or open a support ticket at our support portal.