CVE-2021-4034
Summary
| CVE | CVE-2021-4034 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-28 20:15:00 UTC |
| Updated | 2023-11-07 03:40:00 UTC |
| Description | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. |
Risk And Classification
EPSS: 0.884720000 probability, percentile 0.994950000 (date 2026-04-01)
CISA KEV: Listed on 2022-06-27; due 2022-07-18; ransomware use Unknown
Problem Types: CWE-125 | CWE-787
CISA Known Exploited Vulnerability
| Vendor | Red Hat |
|---|---|
| Product | Polkit |
| Name | Red Hat Polkit Out-of-Bounds Read and Write Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2021-4034 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 20.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 21.10 | All | All | All |
| Application | Oracle | Http Server | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Http Server | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Zfs Storage Appliance Kit | 8.8 | All | All | All |
| Application | Polkit Project | Polkit | All | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 8.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian Eus | 8.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian Eus | 8.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian Eus | 8.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Scientific Computing | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 8.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 8.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 8.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 8.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 8.4 | All | All | All |
| Application | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.6 | All | All | All |
| Application | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Hardware | Siemens | Scalance Lpe9403 | - | All | All | All |
| Operating System | Siemens | Scalance Lpe9403 Firmware | All | All | All | All |
| Application | Siemens | Sinumerik Edge | All | All | All | All |
| Application | Starwindsoftware | Command Center | 1.0 | update3_build5871 | All | All |
| Application | Starwindsoftware | Starwind Hyperconverged Appliance | - | All | All | All |
| Application | Starwindsoftware | Starwind Virtual San | v8 | build14338 | All | All |
| Application | Suse | Enterprise Storage | 7.0 | All | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 15 | sp2 | All | All |
| Application | Suse | Linux Enterprise High Performance Computing | 15.0 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Server | 15 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Server | 15 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Workstation Extension | 12 | sp5 | All | All |
| Application | Suse | Manager Proxy | 4.1 | All | All | All |
| Application | Suse | Manager Server | 4.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2025869 – (CVE-2021-4034) CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector | MISC | bugzilla.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| RHSB-2022-001 Polkit Privilege Escalation - (CVE-2021-4034) - Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf | CONFIRM | cert-portal.siemens.com | |
| PwnKit: Local Privilege Escalation Vulnerability In Major Linux Distributions - SecPod Blog | MISC | www.secpod.com | |
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| Polkit pkexec Local Privilege Escalation ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Polkit pkexec Privilege Escalation ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt | MISC | www.qualys.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| pkexec: local privilege escalation (CVE-2021-4034) (a2bf5c9c) · Commits · polkit / polkit · GitLab | MISC | gitlab.freedesktop.org | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| CVE-2021-4034 PolicyKit privilege escalation vulnerability in StarWind products | MISC | www.starwindsoftware.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Security vulnerability: CVE-2021-4034 local root exploit in polkit aka "pwnkit" | Support | SUSE | MISC | www.suse.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159583 Oracle Enterprise Linux Security Update for polkit (ELSA-2022-0267) (PwnKit)
- 159584 Oracle Enterprise Linux Security Update for polkit (ELSA-2022-0274) (PwnKit)
- 159620 Oracle Enterprise Linux Security Update for polkit (ELSA-2022-9073)
- 179030 Debian Security Update for policykit-1 (DSA 5059-1) (PwnKit)
- 179040 Debian Security Update for policykit-1 (DLA 2899-1) (PwnKit)
- 182683 Debian Security Update for policykit-1 (CVE-2021-4034)
- 198645 Ubuntu Security Notification for PolicyKit Vulnerability (USN-5252-1) (PwnKit)
- 240028 Red Hat Update for polkit (RHSA-2022:0267) (PwnKit)
- 240031 Red Hat Update for polkit (RHSA-2022:0274) (PwnKit)
- 240032 Red Hat Update for polkit (RHSA-2022:0265) (PwnKit)
- 240033 Red Hat Update for polkit (RHSA-2022:0266) (PwnKit)
- 240421 Red Hat Update for polkit (RHSA-2022:0273)
- 240443 Red Hat Update for polkit (RHSA-2022:0268)
- 257147 CentOS Security Update for polkit (CESA-2022:0274) (PwnKit)
- 282284 Fedora Security Update for polkit (FEDORA-2022-1acf1bb522) (PwnKit)
- 282285 Fedora Security Update for polkit (FEDORA-2022-da040e6b94) (PwnKit)
- 296061 Oracle Solaris 11.4 Support Repository Update (SRU) 42.113.1 Missing (CPUJAN2022)
- 353118 Amazon Linux Security Advisory for polkit : ALAS2-2022-1745 (PwnKit)
- 354367 Amazon Linux Security Advisory for polkit : ALAS2022-2022-220
- 354391 Amazon Linux Security Advisory for polkit : ALAS2022-2022-016
- 354564 Amazon Linux Security Advisory for polkit : ALAS-2022-220
- 355263 Amazon Linux Security Advisory for polkit : ALAS2023-2023-026
- 376287 Polkit pkexec Local Privilege Escalation Vulnerability (PwnKit)
- 376885 Alibaba Cloud Linux Security Update for polkit (ALINUX2-SA-2022:0007)
- 377154 Alibaba Cloud Linux Security Update for polkit (ALINUX3-SA-2022:0004)
- 390257 Oracle Managed Virtualization (VM) Server for x86 Security Update for polkit (OVMSA-2022-0006)
- 502158 Alpine Linux Security Update for polkit
- 502336 Alpine Linux Security Update for polkit
- 591095 Delta Controls CopperCube Polkit's pkexec utility Vulnerability (SecB0005)
- 591295 Siemens SCALANCE LPE 4903 Out-of-bounds Write Vulnerability (ICSA-22-167-16, SSA-330556)
- 671405 EulerOS Security Update for polkit (EulerOS-SA-2022-1335)
- 671422 EulerOS Security Update for polkit (EulerOS-SA-2022-1359)
- 671439 EulerOS Security Update for polkit (EulerOS-SA-2022-1365)
- 671475 EulerOS Security Update for polkit (EulerOS-SA-2022-1420)
- 671482 EulerOS Security Update for polkit (EulerOS-SA-2022-1419)
- 671528 EulerOS Security Update for polkit (EulerOS-SA-2022-1493)
- 671536 EulerOS Security Update for polkit (EulerOS-SA-2022-1512)
- 690781 Free Berkeley Software Distribution (FreeBSD) Security Update for polkit (0f8bf913-7efa-11ec-8c04-2cf05d620ecc)
- 710572 Gentoo Linux Polkit Local privilege escalation Vulnerability (GLSA 202201-01)
- 730371 McAfee Web Gateway Multiple Vulnerabilities (WP-3335,WP-4131,WP-4159,WP-4237,WP-4259,WP-4329,WP-4348,WP-4355,WP-4376,WP-4407,WP-4421)
- 730414 Dell InsightIQ Security Update for Polkit Vulnerability (DSA-2022-050)
- 751644 SUSE Enterprise Linux Security Update for polkit (SUSE-SU-2022:0189-1) (PwnKit)
- 751645 SUSE Enterprise Linux Security Update for polkit (SUSE-SU-2022:0191-1) (PwnKit)
- 751649 SUSE Enterprise Linux Security Update for polkit (SUSE-SU-2022:0190-1) (PwnKit)
- 751658 OpenSUSE Security Update for polkit (openSUSE-SU-2022:0190-1) (PwnKit)
- 900619 Common Base Linux Mariner (CBL-Mariner) Security Update for polkit (8332)
- 901617 Common Base Linux Mariner (CBL-Mariner) Security Update for polkit (8335-1)
- 940435 AlmaLinux Security Update for polkit (ALSA-2022:0267) (PwnKit)
- 960103 Rocky Linux Security Update for polkit (RLSA-2022:267) (PwnKit)
- 960714 Rocky Linux Security Update for polkit (RLSA-2022:0267)