CVE-2021-4034

Source
https://cve.org/CVERecord?id=CVE-2021-4034
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4034.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-4034
Downstream
Related
Published
2022-01-28T20:15:12.193Z
Modified
2026-04-16T00:02:33.705576614Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that they induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "12.2.1.3.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "12.2.1.4.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.8"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.6"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.7"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "3.3.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "1.0-update3_build5871"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "v8-build14338"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "15.0-sp2"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "4.1"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "4.1"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "14.04"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "16.04"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "18.04"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "20.04"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "21.10"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.2"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.2"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.4"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.1"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.2"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.4"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "6.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.3"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.4"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.6"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.7"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.2"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.4"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.4"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.6"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.7"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.2"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.4"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.1"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.2"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.4"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "fixed": "2.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "15-sp2"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*",
            "extracted_events": [
                {
                    "last_affected": "15-sp2"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*",
            "extracted_events": [
                {
                    "last_affected": "15-sp2"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "12-sp5"
                }
            ]
        }
    ]
}
References

Affected packages

Git / gitlab.freedesktop.org/polkit/polkit

Affected ranges

Type
GIT
Repo
https://gitlab.freedesktop.org/polkit/polkit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "121"
        }
    ]
}

Affected versions

0.*
0.100
0.101
0.102
0.103
0.104
0.105
0.106
0.107
0.108
0.109
0.110
0.111
0.112
0.113
0.114
0.115
0.116
0.117
0.118
0.119
0.120
0.91
0.92
0.93
0.94
0.95
0.96
0.97
0.98
0.99
Other
POLICY_KIT_0_3
POLICY_KIT_0_4
POLICY_KIT_0_5
POLICY_KIT_0_6
POLICY_KIT_0_7
POLICY_KIT_0_8
POLICY_KIT_0_9
start

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-4034.json"
vanir_signatures_modified
"2026-04-12T01:58:47Z"
vanir_signatures
[
    {
        "source": "https://gitlab.freedesktop.org/polkit/polkit@a2bf5c9c83b6ae46cbd5c779d3055bff81ded683",
        "digest": {
            "length": 9742.0,
            "function_hash": "32570418561053402702943127759871466400"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "function": "main",
            "file": "src/programs/pkexec.c"
        },
        "deprecated": false,
        "id": "CVE-2021-4034-314cbecc"
    },
    {
        "source": "https://gitlab.freedesktop.org/polkit/polkit@a2bf5c9c83b6ae46cbd5c779d3055bff81ded683",
        "digest": {
            "line_hashes": [
                "213998750295636857179079909536485960320",
                "278734282904971204434169771972003805228",
                "19650700869071089274018684711323071243",
                "168828756042991529351455686026289160629",
                "40690998152194075775332422815916804684",
                "13939387846029825278873453783023749278",
                "252652119165071349920865803595180110656",
                "70320173189091660192941128994028468583",
                "107583928421380347849317833122769418756",
                "306196123157583984374424451218656751827",
                "144736080548638912673426995235414810295",
                "98087446916703697762879769665415488591",
                "218819539977279485871861530533275995832",
                "32024447173852229240787042447495035321"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "src/programs/pkexec.c"
        },
        "id": "CVE-2021-4034-925219d0",
        "signature_type": "Line"
    },
    {
        "source": "https://gitlab.freedesktop.org/polkit/polkit@a2bf5c9c83b6ae46cbd5c779d3055bff81ded683",
        "digest": {
            "length": 5706.0,
            "function_hash": "48916128638231852043721993153747674346"
        },
        "id": "CVE-2021-4034-bd0a4981",
        "signature_version": "v1",
        "target": {
            "function": "main",
            "file": "src/programs/pkcheck.c"
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "source": "https://gitlab.freedesktop.org/polkit/polkit@a2bf5c9c83b6ae46cbd5c779d3055bff81ded683",
        "digest": {
            "line_hashes": [
                "273856761981597668010333138287779505402",
                "173734811988144302255653828186019334929",
                "215501817520057129252303208780659306627"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "src/programs/pkcheck.c"
        },
        "deprecated": false,
        "id": "CVE-2021-4034-e0984eb7"
    }
]