CVE-2021-4115

There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned

References

Affected packages

Debian:11 / policykit-1

Package

Name: policykit-1
Purl: pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.105-31

0.105-31+deb11u1

0.105-31.1~deb12u1

0.105-31.1

0.105-32

0.105-33

0.109-1

0.110-1

0.110-2

0.110-3

0.112-1

0.112-2

0.112-3

0.112-4

0.112-5

0.113-1

0.113-2

0.113-3

0.113-4

0.113-5

0.113-6

0.114-1

0.115-1

0.115-2

0.115-3

0.116-1

0.116-2

0.116-3

0.117-1

0.118-1

0.118-2

0.119-1

0.120-1

0.120-2

0.120-3

0.120-4

0.120-5

0.120-6

Other

121-1

121-2

122-1

122-2

122-3

122-4

123-1

123-2

123-3

124-1

124-2

124-3

125-1

125-2

126-1

126-2

121+compat0.*

121+compat0.1-1

121+compat0.1-2

121+compat0.1-3

121+compat0.1-4

121+compat0.1-5

121+compat0.1-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / policykit-1

Package

Name: policykit-1
Purl: pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.105-32

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / policykit-1

Package

Name: policykit-1
Purl: pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.105-32

Ecosystem specific

{
    "urgency": "not yet assigned"
}