CVE-2021-4115

Published: 21 Feb 2022
Source: debian
EPSS: Low

Description

There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned

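Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| policykit-1 | fixed | 0.120-6 | experimental | package |
| policykit-1 | fixed | 0.105-32 | | package |
| policykit-1 | no-dsa | | bullseye | package |
| policykit-1 | not-affected | | buster | package |
| policykit-1 | not-affected | | stretch | package |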

Notes

  • https://bugzilla.redhat.com/show_bug.cgi?id=2007534

  • https://securitylab.github.com/advisories/GHSL-2021-077-polkit/

  • Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7

  • https://gitlab.freedesktop.org/polkit/polkit/-/issues/141

  • Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38

  • Debian backported 0.113 commits in 0.105-26

EPSS

Percentile: 2%
0.00015
Low

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 3 years ago

CVSS3: 6.2
redhat
more than 3 years ago

CVSS3: 5.5
nvd
more than 3 years ago

suse-cvrf
more than 3 years ago

Security update for polkit

suse-cvrf
more than 2 years ago

Security update for polkit