A vulnerability has been discovered that allows root privileges to be freely acquired on Linux, and experts say it is only a matter of time before it is abused.



A newly disclosed vulnerability, PwnKit, has existed in Linux for 12 years and affects most of the major Linux distributions. Exploits are still at the proof-of-concept stage, but abuse is seen as 'only a matter of time.'

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit's pkexec (CVE-2021-4034) | Qualys Security Blog
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034



A bug lurking for 12 years gives attackers root on most major Linux distros | Ars Technica
https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/

The exploit targets 'Polkit (PolicyKit)', the Linux privilege management toolkit. Sudo is also widely used as a privilege management program, but unlike sudo, which grants root privileges to an entire process, Polkit is characterized by its ability to control system policies at a finer level.

Qualys, a security company, has announced following a new investigation that malicious attackers can freely gain root privileges by running Polkit's pkexec command. The vulnerability, 'CVE-2021-4034', is present in all versions of pkexec released after May 2009. After independently verifying the vulnerability and developing an exploit, the research team succeeded in obtaining full root privileges on Ubuntu, Debian, Fedora, and CentOS, and says that other Linux distributions are 'probably vulnerable and probably exploitable.'

You can see the details of this vulnerability, called PwnKit, in the following video.

PwnKit Vulnerability on Vimeo


Bharat Jogi, Director of Vulnerability Threat Investigation at Qualys, states that exploitation requires locally authenticated access to a vulnerable machine and cannot be carried out remotely.

The research team contacted open source distribution developers and vendors immediately after confirming the vulnerability. Qualys has not published its proof-of-concept exploit code because of the negative impact it could have on users. However, the researchers believe it is only a matter of time before PwnKit is abused.

in Software, Security, Posted by darkhorse_log