Описание
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.
Отчет
This vulnerability was rated with a Moderate severity by the Red Hat Product Security team. Although it may eventually lead to code execution, for an attacker to exploit this vulnerability by using a malicious XML policy file, they must have a high-privileged account on the system. This happens because the directories that hold Polkit's policy files are owned by the root user, drastically reducing the attack surface for this vulnerability.
Меры по смягчению последствий
There's no known mitigation to this vulnerability other than avoiding the implementation of unknown or untrusted polkit policy files to the system.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | polkit | Fix deferred | ||
| Red Hat Enterprise Linux 6 | polkit | Out of support scope | ||
| Red Hat Enterprise Linux 7 | polkit | Out of support scope | ||
| Red Hat Enterprise Linux 8 | polkit | Fix deferred | ||
| Red Hat Enterprise Linux 9 | polkit | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred |
Показывать по
Дополнительная информация
Статус:
6.7 Medium
CVSS3
Связанные уязвимости
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account is needed as it's required to place the malicious policy file properly.
A flaw was found in polkit. When processing an XML policy with 32 or m ...
6.7 Medium
CVSS3