CVE-2021-4034 - Vulnerability Details

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since June 27, 2022.

The EPSS score is 0.87035.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Canonical	Ubuntu Linux
Oracle	Http Server Zfs Storage Appliance Kit
Polkit Project	Polkit
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Power Big Endian Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux For Scientific Computing Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Eus Enterprise Linux Server Tus Enterprise Linux Server Update Services For Sap Solutions Enterprise Linux Workstation Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus Rhev Hypervisor
Siemens	Scalance Lpe9403 Scalance Lpe9403 Firmware Sinumerik Edge
Starwindsoftware	Command Center Starwind Virtual San
Suse	Enterprise Storage Linux Enterprise Desktop Linux Enterprise High Performance Computing Linux Enterprise Server Linux Enterprise Workstation Extension Manager Proxy Manager Server

Configuration 1 [-]

cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:::::::*
	cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:suse:enterprise_storage:7.0:::::::*
	cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:::-:::*
	cpe:2.3:a:suse:manager_proxy:4.1:::::::*
	cpe:2.3:a:suse:manager_server:4.1:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_server:15:sp2::::-::*
	cpe:2.3:o:suse:linux_enterprise_server:15:sp2::::sap::*
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5::::::

Configuration 5 [-]

OR	cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

Configuration 6 [-]

cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

Configuration 8 [-]

OR	cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871::::::
	cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support
polkit-0:0.96-11.el6_10.2	cpe:/o:redhat:rhel_els:6	RHSA-2022:0269	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7
polkit-0:0.112-26.el7_9.1	cpe:/o:redhat:enterprise_linux:7	RHSA-2022:0274	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
polkit-0:0.112-12.el7_3.1	cpe:/o:redhat:rhel_aus:7.3	RHSA-2022:0270	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
polkit-0:0.112-12.el7_4.2	cpe:/o:redhat:rhel_aus:7.4	RHSA-2022:0272	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)
polkit-0:0.112-18.el7_6.3	cpe:/o:redhat:rhel_aus:7.6	RHSA-2022:0271	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.6 Telco Extended Update Support
polkit-0:0.112-18.el7_6.3	cpe:/o:redhat:rhel_tus:7.6	RHSA-2022:0271	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
polkit-0:0.112-18.el7_6.3	cpe:/o:redhat:rhel_e4s:7.6	RHSA-2022:0271	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
polkit-0:0.112-22.el7_7.2	cpe:/o:redhat:rhel_aus:7.7	RHSA-2022:0273	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.7 Telco Extended Update Support
polkit-0:0.112-22.el7_7.2	cpe:/o:redhat:rhel_tus:7.7	RHSA-2022:0273	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
polkit-0:0.112-22.el7_7.2	cpe:/o:redhat:rhel_e4s:7.7	RHSA-2022:0273	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 8
polkit-0:0.115-13.el8_5.1	cpe:/o:redhat:enterprise_linux:8	RHSA-2022:0267	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
polkit-0:0.115-9.el8_1.2	cpe:/o:redhat:rhel_e4s:8.1	RHSA-2022:0268	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
polkit-0:0.115-11.el8_2.2	cpe:/o:redhat:rhel_eus:8.2	RHSA-2022:0265	2022-01-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support
polkit-0:0.115-11.el8_4.2	cpe:/o:redhat:rhel_eus:8.4	RHSA-2022:0266	2022-01-25T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
redhat-virtualization-host-0:4.3.21-20220126.0.el7_9	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2022:0443	2022-02-07T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.4.10-202202081536_8.5	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2022:0540	2022-02-15T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2899-1	policykit-1 security update
Debian DSA	DSA-5059-1	policykit-1 security update
Ubuntu USN	USN-5252-1	PolicyKit vulnerability
Ubuntu USN	USN-5252-2	PolicyKit vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
https://nvd.nist.gov/vuln/detail/CVE-2021-4034
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2021-4034
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
https://www.starwindsoftware.com/security/sw-20220818-0001/
https://www.suse.com/support/kb/doc/?id=000020564
https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.8831}`	epss `{'score': 0.88697}`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034

Tue, 05 Nov 2024 20:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:::::::*
Vendors & Products	Starwindsoftware starwind Hyperconverged Appliance

Mon, 04 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-06-27'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 01:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-01-28T00:00:00.000Z

Updated: 2025-07-30T01:37:49.906Z

Reserved: 2021-11-29T00:00:00.000Z

Link: CVE-2021-4034

Vulnrichment

Updated: 2024-09-23T18:05:54.355Z

NVD

Status : Analyzed

Published: 2022-01-28T20:15:12.193

Modified: 2025-04-03T18:53:12.960

Link: CVE-2021-4034

Redhat

Severity : Important

Publid Date: 2022-01-25T17:00:00Z

Links: CVE-2021-4034 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object