Number: AV22-042
Date: 27 January 2022

On 25 January 2022 several Linux distributions released security updates to address a vulnerability in the following product:

PolKit is a component for controlling system-wide privileges and is present in the default configuration of all major Linux distributions.

Exploitation of this vulnerability may lead to local privilege escalation to root.

Proof-of-concept exploit code has been released publicly.

Please note that the list below is not exhaustive and that other versions of Linux may also be affected.

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

Debian
Red Hat
SUSE
Ubuntu
Qualys’ Disclosure



Source link