CVE-2021-4034 - Vulnerability Details

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since June 27, 2022.

The EPSS score is 0.87261.

Exploitation active

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

polkit

affected

Version	Status	Constraints
`all`	affected	—

Configuration 1 [-]

cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:::::::*
	cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:suse:enterprise_storage:7.0:::::::*
	cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:::-:::*
	cpe:2.3:a:suse:manager_proxy:4.1:::::::*
	cpe:2.3:a:suse:manager_server:4.1:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_server:15:sp2::::-::*
	cpe:2.3:o:suse:linux_enterprise_server:15:sp2::::sap::*
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5::::::

Configuration 5 [-]

OR	cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

Configuration 6 [-]

cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

Configuration 8 [-]

OR	cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871::::::
	cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support
polkit-0:0.96-11.el6_10.2	cpe:/o:redhat:rhel_els:6	RHSA-2022:0269	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7
polkit-0:0.112-26.el7_9.1	cpe:/o:redhat:enterprise_linux:7	RHSA-2022:0274	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
polkit-0:0.112-12.el7_3.1	cpe:/o:redhat:rhel_aus:7.3	RHSA-2022:0270	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
polkit-0:0.112-12.el7_4.2	cpe:/o:redhat:rhel_aus:7.4	RHSA-2022:0272	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)
polkit-0:0.112-18.el7_6.3	cpe:/o:redhat:rhel_aus:7.6	RHSA-2022:0271	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.6 Telco Extended Update Support
polkit-0:0.112-18.el7_6.3	cpe:/o:redhat:rhel_tus:7.6	RHSA-2022:0271	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
polkit-0:0.112-18.el7_6.3	cpe:/o:redhat:rhel_e4s:7.6	RHSA-2022:0271	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
polkit-0:0.112-22.el7_7.2	cpe:/o:redhat:rhel_aus:7.7	RHSA-2022:0273	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.7 Telco Extended Update Support
polkit-0:0.112-22.el7_7.2	cpe:/o:redhat:rhel_tus:7.7	RHSA-2022:0273	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
polkit-0:0.112-22.el7_7.2	cpe:/o:redhat:rhel_e4s:7.7	RHSA-2022:0273	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 8
polkit-0:0.115-13.el8_5.1	cpe:/o:redhat:enterprise_linux:8	RHSA-2022:0267	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
polkit-0:0.115-9.el8_1.2	cpe:/o:redhat:rhel_e4s:8.1	RHSA-2022:0268	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
polkit-0:0.115-11.el8_2.2	cpe:/o:redhat:rhel_eus:8.2	RHSA-2022:0265	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support
polkit-0:0.115-11.el8_4.2	cpe:/o:redhat:rhel_eus:8.4	RHSA-2022:0266	2022-01-25T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
redhat-virtualization-host-0:4.3.21-20220126.0.el7_9	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2022:0443	2022-02-07T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.4.10-202202081536_8.5	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2022:0540	2022-02-15T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Canonical Subscribe	Ubuntu Linux Subscribe
Oracle Subscribe	Http Server Subscribe Zfs Storage Appliance Kit Subscribe
Polkit Project Subscribe	Polkit Subscribe
Redhat Subscribe	Enterprise Linux Subscribe Enterprise Linux Desktop Subscribe Enterprise Linux Eus Subscribe Enterprise Linux For Ibm Z Systems Subscribe Enterprise Linux For Ibm Z Systems Eus Subscribe Enterprise Linux For Power Big Endian Subscribe Enterprise Linux For Power Little Endian Subscribe Enterprise Linux For Power Little Endian Eus Subscribe Enterprise Linux For Scientific Computing Subscribe Enterprise Linux Server Subscribe Enterprise Linux Server Aus Subscribe Enterprise Linux Server Eus Subscribe Enterprise Linux Server Tus Subscribe Enterprise Linux Server Update Services For Sap Solutions Subscribe Enterprise Linux Workstation Subscribe Rhel Aus Subscribe Rhel E4s Subscribe Rhel Els Subscribe Rhel Eus Subscribe Rhel Tus Subscribe Rhev Hypervisor Subscribe
Siemens Subscribe	Scalance Lpe9403 Subscribe Scalance Lpe9403 Firmware Subscribe Sinumerik Edge Subscribe
Starwindsoftware Subscribe	Command Center Subscribe Starwind Virtual San Subscribe
Suse Subscribe	Enterprise Storage Subscribe Linux Enterprise Desktop Subscribe Linux Enterprise High Performance Computing Subscribe Linux Enterprise Server Subscribe Linux Enterprise Workstation Extension Subscribe Manager Proxy Subscribe Manager Server Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-2899-1	policykit-1 security update
Debian DSA	DSA-5059-1	policykit-1 security update
Ubuntu USN	USN-5252-1	PolicyKit vulnerability
Ubuntu USN	USN-5252-2	PolicyKit vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
https://nvd.nist.gov/vuln/detail/CVE-2021-4034
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034
https://www.cve.org/CVERecord?id=CVE-2021-4034
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
https://www.starwindsoftware.com/security/sw-20220818-0001/
https://www.suse.com/support/kb/doc/?id=000020564
https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034

History

Wed, 22 Oct 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.8831}`	epss `{'score': 0.88697}`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034

Tue, 05 Nov 2024 20:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:::::::*
Vendors & Products	Starwindsoftware starwind Hyperconverged Appliance

Mon, 04 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-06-27'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 01:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-01-28T00:00:00.000Z

Updated: 2025-10-21T23:15:48.549Z

Reserved: 2021-11-29T00:00:00.000Z

Link: CVE-2021-4034

Vulnrichment

Updated: 2024-09-23T18:05:54.355Z

NVD

Status : Analyzed

Published: 2022-01-28T20:15:12.193

Modified: 2025-11-06T14:50:26.470

Link: CVE-2021-4034

Redhat

Severity : Important

Publid Date: 2022-01-25T17:00:00Z

Links: CVE-2021-4034 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object