---

12-Year-Old PolicyKit Local Privilege Escalation Flaw Now Patched in Major Linux Distros

According to the researchers, the vulnerability (CVE-2021-4034) was discovered in PolicyKit’s pkexec tool, which incorrectly handled command-line arguments. This could lead to local privilege escalation, allowing any regular user in a GNU/Linux distribution to gain administrative privileges and run programs as an administrator (root).

The good news is that most major GNU/Linux distributions already received patched versions of the Polkit package. At the moment of writing, Debian published patches for Debian GNU/Linux 10 “Buster” and Debian GNU/Linux 11 “Bullseye” systems, and Canonical published patches for all of its supported Ubuntu releases.