CVE-2021-4034 Detail
Description
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
Metrics
CVSS 4.0 Severity and Vector Strings:
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Vector Strings:
Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
References to Advisories, Solutions, and Tools
| URL | Source(s) | Tag(s) |
|---|---|---|
| http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html | CVE, Red Hat, Inc. | Exploit, Third Party Advisory, VDB Entry |
| http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html | CVE, Red Hat, Inc. | Third Party Advisory, VDB Entry |
| https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 | CVE, Red Hat, Inc. | Mitigation, Vendor Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=2025869 | CVE, Red Hat, Inc. | Issue Tracking, Patch |
| https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf | CVE, Red Hat, Inc. | Third Party Advisory |
| https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 | CVE, Red Hat, Inc. | Patch |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034 | CISA-ADP | US Government Resource |
| https://www.oracle.com/security-alerts/cpuapr2022.html | CVE, Red Hat, Inc. | Patch, Third Party Advisory |
| https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt | CVE, Red Hat, Inc. | Exploit, Mitigation, Third Party Advisory |
| https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/ | CVE, Red Hat, Inc. | Exploit, Third Party Advisory |
| https://www.starwindsoftware.com/security/sw-20220818-0001/ | CVE, Red Hat, Inc. | Third Party Advisory |
| https://www.suse.com/support/kb/doc/?id=000020564 | CVE, Red Hat, Inc. | Third Party Advisory |
| https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034 | CVE | Exploit, Third Party Advisory |
This CVE is in CISA's Known Exploited Vulnerabilities Catalog
Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.
| Vulnerability Name | Date Added | Due Date | Required Action |
|---|---|---|---|
| Red Hat Polkit Out-of-Bounds Read and Write Vulnerability | 06/27/2022 | 07/18/2022 | Apply updates per vendor instructions. |
Change History
29 change records found
CVE Modified by CISA-ADP
6/17/2026 12:18:55 AM
| Action |
Type |
Old Value |
New Value |
| Added |
SSVC |
{"timestamp":"2025-10-12T10:21:57.857346Z","id":"CVE-2021-4034","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}
|
CVE Modified by Red Hat, Inc.
6/17/2026 12:18:55 AM
| Action |
Type |
Old Value |
New Value |
| Added |
Affected |
[{"vendor":"n/a","product":"polkit","versions":[{"version":"all","status":"affected"}]}]
|
Modified Analysis by NIST
11/06/2025 9:50:26 AM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference Type |
CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034 Types: US Government Resource
|
CVE Modified by CISA-ADP
10/21/2025 8:17:50 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034
|
CVE Modified by CISA-ADP
10/21/2025 4:18:52 PM
| Action |
Type |
Old Value |
New Value |
| Removed |
Reference |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034
|
CVE Modified by CISA-ADP
10/21/2025 3:19:27 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034
|
Modified Analysis by NIST
4/03/2025 2:53:12 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference Type |
CVE: https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034 Types: Exploit, Third Party Advisory
|
CVE Modified by CVE
11/21/2024 1:36:45 AM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
|
| Added |
Reference |
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
|
| Added |
Reference |
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
|
| Added |
Reference |
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
|
| Added |
Reference |
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
|
| Added |
Reference |
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
|
| Added |
Reference |
https://www.oracle.com/security-alerts/cpuapr2022.html
|
| Added |
Reference |
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
|
| Added |
Reference |
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
|
| Added |
Reference |
https://www.starwindsoftware.com/security/sw-20220818-0001/
|
| Added |
Reference |
https://www.suse.com/support/kb/doc/?id=000020564
|
| Added |
Reference |
https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034
|
Modified Analysis by NIST
11/05/2024 2:38:09 PM
| Action |
Type |
Old Value |
New Value |
| Changed |
CPE Configuration |
OR
*cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*
*cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:*:*:*:*:*:*:*
*cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*
|
OR
*cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*
*cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*
|
Modified Analysis by NIST
11/05/2024 2:38:14 PM
| Action |
Type |
Old Value |
New Value |
| Changed |
CPE Configuration |
OR
*cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*
*cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:*:*:*:*:*:*:*
*cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*
|
OR
*cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*
*cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*
|
CVE Modified by CISA-ADP
11/04/2024 11:35:01 AM
| Action |
Type |
Old Value |
New Value |
| Added |
CVSS V3.1 |
CISA-ADP AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
Modified Analysis by NIST
6/28/2024 10:14:04 AM
| Action |
Type |
Old Value |
New Value |
| Changed |
Reference Type |
https://bugzilla.redhat.com/show_bug.cgi?id=2025869 Issue Tracking, Patch, Vendor Advisory
|
https://bugzilla.redhat.com/show_bug.cgi?id=2025869 Issue Tracking, Patch
|
| Changed |
Reference Type |
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Patch, Third Party Advisory
|
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Patch
|
| Changed |
Reference Type |
https://www.oracle.com/security-alerts/cpuapr2022.html Third Party Advisory
|
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory
|
| Changed |
Reference Type |
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/ No Types Assigned
|
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/ Exploit, Third Party Advisory
|
CVE Modified by Red Hat, Inc.
5/14/2024 5:47:05 AM
| Action |
Type |
Old Value |
New Value |
CVE Modified by Red Hat, Inc.
11/06/2023 10:40:06 PM
| Action |
Type |
Old Value |
New Value |
| Removed |
CWE |
Red Hat, Inc. CWE-125
|
CVE Modified by Red Hat, Inc.
10/17/2023 9:15:25 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/ [No Types Assigned]
|
Modified Analysis by NIST
9/11/2023 3:45:38 PM
| Action |
Type |
Old Value |
New Value |
| Added |
CWE |
NIST CWE-125
|
| Changed |
CPE Configuration |
OR
*cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*
|
OR
*cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:* versions up to (excluding) 121
|
CVE Modified by Red Hat, Inc.
2/13/2023 4:15:13 PM
| Action |
Type |
Old Value |
New Value |
| Changed |
Description |
CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
|
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
|
| Removed |
CVSS V3.1 |
Red Hat, Inc. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| Added |
CWE |
Red Hat, Inc. CWE-125
|
| Added |
CWE |
Red Hat, Inc. CWE-787
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2022:0265 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2022:0266 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2022:0267 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2022:0268 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2022:0269 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2022:0270 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2022:0271 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2022:0272 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2022:0273 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2022:0274 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2022:0443 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2022:0540 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/security/cve/CVE-2021-4034 [No Types Assigned]
|
CVE Modified by Red Hat, Inc.
2/02/2023 4:21:44 PM
| Action |
Type |
Old Value |
New Value |
| Changed |
Description |
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
|
CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
|
| Added |
CVSS V3.1 |
Red Hat, Inc. AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| Removed |
CWE |
Red Hat, Inc. CWE-125
|
| Removed |
CWE |
Red Hat, Inc. CWE-787
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2022:0265 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2022:0266 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2022:0267 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2022:0268 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2022:0269 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2022:0270 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2022:0271 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2022:0272 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2022:0273 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2022:0274 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2022:0443 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2022:0540 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/security/cve/CVE-2021-4034 [No Types Assigned]
|
| Removed |
CWE Reason |
CWE-125 / More specific CWE option available
|
Modified Analysis by NIST
10/25/2022 12:59:09 PM
| Action |
Type |
Old Value |
New Value |
| Added |
CPE Configuration |
OR
*cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*
*cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:*:*:*:*:*:*:*
*cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*
|
| Changed |
Reference Type |
https://www.starwindsoftware.com/security/sw-20220818-0001/ No Types Assigned
|
https://www.starwindsoftware.com/security/sw-20220818-0001/ Third Party Advisory
|
CVE Modified by Red Hat, Inc.
10/11/2022 7:15:09 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
https://www.starwindsoftware.com/security/sw-20220818-0001/ [No Types Assigned]
|
Modified Analysis by NIST
10/05/2022 12:32:41 PM
| Action |
Type |
Old Value |
New Value |
| Added |
CPE Configuration |
AND
OR
*cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.0
OR
cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*
|
| Added |
CPE Configuration |
OR
*cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
*cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
*cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
|
| Added |
CPE Configuration |
OR
*cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:* versions up to (excluding) 3.3.0
|
| Changed |
Reference Type |
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html Third Party Advisory
|
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf No Types Assigned
|
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf Third Party Advisory
|
| Changed |
Reference Type |
https://www.oracle.com/security-alerts/cpuapr2022.html No Types Assigned
|
https://www.oracle.com/security-alerts/cpuapr2022.html Third Party Advisory
|
CVE Modified by Red Hat, Inc.
6/14/2022 6:15:18 AM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf [No Types Assigned]
|
CVE Modified by Red Hat, Inc.
4/19/2022 8:16:34 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
https://www.oracle.com/security-alerts/cpuapr2022.html [No Types Assigned]
|
Modified Analysis by NIST
4/18/2022 5:58:29 AM
| Action |
Type |
Old Value |
New Value |
| Added |
CPE Configuration |
OR
*cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*
*cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*
*cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*
*cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*
*cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*
*cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*
*cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*
*cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*
|
| Changed |
Reference Type |
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html No Types Assigned
|
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html Exploit, Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html No Types Assigned
|
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html Third Party Advisory
|
| Changed |
Reference Type |
https://www.suse.com/support/kb/doc/?id=000020564 No Types Assigned
|
https://www.suse.com/support/kb/doc/?id=000020564 Third Party Advisory
|
| Removed |
Evaluator Description |
Please note that the fix for polkit has been committed to master, but an official release has not been supplied by the maintainers at the time of analysis. This limits the ability of our staff to represent this product through CPE. We advise all users reach out to the organizations responsible for maintaining their package repository to ensure the appropriate version and/or patch of your packages are installed.
|
CVE Modified by Red Hat, Inc.
4/14/2022 11:15:07 AM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
https://www.suse.com/support/kb/doc/?id=000020564 [No Types Assigned]
|
CVE Modified by Red Hat, Inc.
3/04/2022 2:15:08 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html [No Types Assigned]
|
CVE Modified by Red Hat, Inc.
3/03/2022 2:15:08 PM
| Action |
Type |
Old Value |
New Value |
| Added |
CWE |
Red Hat, Inc. CWE-125
|
| Added |
CWE |
Red Hat, Inc. CWE-787
|
| Added |
Reference |
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html [No Types Assigned]
|
Initial Analysis by NIST
1/31/2022 12:50:48 PM
| Action |
Type |
Old Value |
New Value |
| Added |
CVSS V3.1 |
NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| Added |
CVSS V2 |
NIST (AV:L/AC:L/Au:N/C:C/I:C/A:C)
|
| Added |
CWE |
NIST CWE-787
|
| Added |
CPE Configuration |
OR
*cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*
|
| Added |
CPE Configuration |
Record truncated, showing 2048 of 2538 characters.
OR
*cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
*cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
*cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
*cpe:2.3:
|
| Added |
CPE Configuration |
OR
*cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*
|
| Changed |
Reference Type |
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 No Types Assigned
|
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 Mitigation, Vendor Advisory
|
| Changed |
Reference Type |
https://bugzilla.redhat.com/show_bug.cgi?id=2025869 No Types Assigned
|
https://bugzilla.redhat.com/show_bug.cgi?id=2025869 Issue Tracking, Patch, Vendor Advisory
|
| Changed |
Reference Type |
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 No Types Assigned
|
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Patch, Third Party Advisory
|
| Changed |
Reference Type |
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt No Types Assigned
|
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt Exploit, Mitigation, Third Party Advisory
|
| Added |
Evaluator Description |
Please note that the fix for polkit has been committed to master, but an official release has not been supplied by the maintainers at the time of analysis. This limits the ability of our staff to represent this product through CPE. We advise all users reach out to the organizations responsible for maintaining their package repository to ensure the appropriate version and/or patch of your packages are installed.
|
CVE Modified by Red Hat, Inc.
1/28/2022 4:15:09 PM
| Action |
Type |
Old Value |
New Value |
| Removed |
CWE |
Red Hat, Inc. CWE-125
|
| Removed |
CWE |
Red Hat, Inc. CWE-787
|
Quick Info
CVE Dictionary Entry: CVE-2021-4034 NVD
Published Date: 01/28/2022 NVD
Last Modified: 06/17/2026
Source: Red Hat, Inc.