CVE-2021-4034

7.8 HIGH CISA KEV - Actively Exploited
Published: January 28, 2022 Modified: November 06, 2025
View on NVD

Description

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
Source: secalert@redhat.com
Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
Source: secalert@redhat.com
Third Party Advisory VDB Entry
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
Source: secalert@redhat.com
Mitigation Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
Source: secalert@redhat.com
Issue Tracking Patch
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
Source: secalert@redhat.com
Third Party Advisory
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
Source: secalert@redhat.com
Patch
https://www.oracle.com/security-alerts/cpuapr2022.html
Source: secalert@redhat.com
Patch Third Party Advisory
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
Source: secalert@redhat.com
Exploit Mitigation Third Party Advisory
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
Source: secalert@redhat.com
Exploit Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220818-0001/
Source: secalert@redhat.com
Third Party Advisory
https://www.suse.com/support/kb/doc/?id=000020564
Source: secalert@redhat.com
Third Party Advisory
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
Source: af854a3a-2127-422b-91ae-364da2661108
Mitigation Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
https://www.oracle.com/security-alerts/cpuapr2022.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Mitigation Third Party Advisory
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220818-0001/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.suse.com/support/kb/doc/?id=000020564
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

24 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.8 / 10.0
EPSS (Exploit Probability)
87.3%
99th percentile
Exploitation Status
Actively Exploited
Remediation due: 2022-07-18

Weaknesses (CWE)

CWE-787 CWE-125 CWE-787

Affected Vendors

suse redhat canonical starwindsoftware oracle siemens polkit_project

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3