Описание
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
Пакеты
Пакет | Статус | Версия исправления | Релиз | Тип |
---|---|---|---|---|
policykit-1 | fixed | 0.120-6 | experimental | package |
policykit-1 | fixed | 0.105-32 | package | |
policykit-1 | no-dsa | bullseye | package | |
policykit-1 | not-affected | buster | package | |
policykit-1 | not-affected | stretch | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=2007534
https://securitylab.github.com/advisories/GHSL-2021-077-polkit/
Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38
Debian backported 0.113 commits in 0.105-26
EPSS
Связанные уязвимости
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
EPSS