CVE-2021-4115
Summary
| CVE | CVE-2021-4115 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-21 22:15:00 UTC |
| Updated | 2023-11-07 03:40:00 UTC |
| Description | There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 20.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 21.10 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Application | Oracle | Zfs Storage Appliance Kit | 8.8 | All | All | All |
| Application | Polkit Project | Polkit | 0.117 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| polkit File Descriptor Exhaustion ≈ Packet Storm | MISC | packetstormsecurity.com | |
| [SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.3 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| file descriptor exhaustion (GHSL-2021-077) (!6) · Merge requests · Red Hat / centos-stream / rpms / polkit · GitLab | MISC | gitlab.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| GHSL-2021-077: file descriptor exhaustion in polkit (#141) · Issues · polkit / polkit · GitLab | MISC | gitlab.freedesktop.org | |
| [SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.3 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159767 Oracle Enterprise Linux Security Update for polkit (ELSA-2022-1546)
- 182178 Debian Security Update for policykit-1 (CVE-2021-4115)
- 198684 Ubuntu Security Notification for PolicyKit Vulnerability (USN-5304-1)
- 240236 Red Hat Update for polkit (RHSA-2022:1546)
- 282407 Fedora Security Update for polkit (FEDORA-2022-353b7254fd)
- 282456 Fedora Security Update for polkit (FEDORA-2022-5e6d5fe680)
- 296063 Oracle Solaris 11.4 Support Repository Update (SRU) 45.119.2 Missing (CPUAPR2022)
- 354281 Amazon Linux Security Advisory for polkit : ALAS2022-2022-097
- 354367 Amazon Linux Security Advisory for polkit : ALAS2022-2022-220
- 354415 Amazon Linux Security Advisory for polkit : ALAS2022-2022-102
- 354564 Amazon Linux Security Advisory for polkit : ALAS-2022-220
- 355263 Amazon Linux Security Advisory for polkit : ALAS2023-2023-026
- 377353 Alibaba Cloud Linux Security Update for polkit (ALINUX3-SA-2022:0032)
- 671606 EulerOS Security Update for polkit (EulerOS-SA-2022-1580)
- 671738 EulerOS Security Update for polkit (EulerOS-SA-2022-1796)
- 671752 EulerOS Security Update for polkit (EulerOS-SA-2022-1813)
- 671790 EulerOS Security Update for polkit (EulerOS-SA-2022-1874)
- 671808 EulerOS Security Update for polkit (EulerOS-SA-2022-1850)
- 751732 SUSE Enterprise Linux Security Update for polkit (SUSE-SU-2022:0524-1)
- 751740 OpenSUSE Security Update for polkit (openSUSE-SU-2022:0525-1)
- 751982 SUSE Enterprise Linux Security Update for polkit (SUSE-SU-2022:0525-1)
- 753642 SUSE Enterprise Linux Security Update for polkit (SUSE-SU-2022:0525-2)
- 940483 AlmaLinux Security Update for polkit (ALSA-2022:1546)
- 960122 Rocky Linux Security Update for polkit (RLSA-2022:1546)