CVE-2021-4034
The polkit vulnerability that is supposedly present in the default configuration of all major Linux distributions has been confirmed by Oracle to be affecting Oracle Linux versions 7 and 8. Attackers can exploit this vulnerability and gain access to “root” gaining full privileges on the exploited system.
At the time of writing this article, the official description of this vulnerability was marked as “RESERVED” and the CVE is yet to make its way to the National Institute of Standards and Technology (NIST) database. The MITRE vulnerability database also does not have much details on this vulnerability other than the record creation date of November 21, 2021.
On January 25th 2022, Oracle released the erratas for Oracle Linux 7 and 8 with updated packages for both x86_64 and aarch64 architectures. Please refer to the below links for more details.
- Oracle Linux 7: ELSA-2022-0274
- Oracle Linux 8: ELSA-2022-0267
The recommendation is to update the packages asap to fix the vulnerability.
IT-Noesis 