Security vulnerability: CVE-2021-4034 local root exploit in polkit aka "pwnkit"

This document (000020564) is provided subject to the disclaimer at the end of this document.

Environment

For a comprehensive list of affected products and package versions, please see the SUSE CVE announcement:
https://www.suse.com/security/cve/CVE-2021-4034.html
 

Situation

Qualys security researchers have identified a local root exploit in "pkexec" component of polkit. Local attackers can use the setuid root /usr/bin/pkexec binary to reliably escalate privileges to root.

This vulnerability affects all SLES 12 and SLES 15 service packs.
The vulnerability does not affect SLES 11, as it used a previous generation called PolicyKit.

Resolution

Installing the updated packages provided by SUSE is sufficient to fix the problem. Please use

zypper lp -a --cve=CVE-2021-4034

to search for the specific patch information. A restart of the service is not required.

Please note that for any SPx (Service Pack level) which is no longer in general support, an LTSS or ESPOS subscription may be needed to obtain the update.  Please see the SUSE "CVE Page" link in the "Additional Information" section below for more details about each SPx.

SUSE does not recommend removing the setuid bit as it will cause breakage on the system. Removing the setuid permission from the pkexec binary will prevent it from working properly for legitimate use cases.  This means that any application which relies on pkexec execution will stop working, possibly causing unexpected system errors and behavior. 
The workaround prevents exploitation and might be the right thing to do given how easy the exploit it, but customers must be aware that this will break functionality until the update is installed.

Status

Security Alert

Additional Information

Workaround

It is also possible to remove the setuid bit from /usr/bin/pkexec with

    chmod 755 /usr/bin/pkexec

or even delete /usr/bin/pkexec until fixed packages can be installed.

References:

Researcher blog:
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020564
  • Creation Date: 07-Feb-2022
  • Modified Date:07-Feb-2022
    • SUSE Linux Enterprise Desktop
    • SUSE Linux Enterprise Real Time
    • SUSE Linux Enterprise Server
    • SUSE Linux Enterprise Server for SAP Applications
    • SUSE Manager Server
    • SUSE Linux Enterprise Micro
    • SUSE Manager Proxy
    • SUSE Linux Enterprise HPC

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center