A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.
{
"binaries": [
{
"binary_version": "0.105-20ubuntu0.18.04.6",
"binary_name": "gir1.2-polkit-1.0"
},
{
"binary_version": "0.105-20ubuntu0.18.04.6",
"binary_name": "libpolkit-agent-1-0"
},
{
"binary_version": "0.105-20ubuntu0.18.04.6",
"binary_name": "libpolkit-backend-1-0"
},
{
"binary_version": "0.105-20ubuntu0.18.04.6",
"binary_name": "libpolkit-gobject-1-0"
},
{
"binary_version": "0.105-20ubuntu0.18.04.6",
"binary_name": "policykit-1"
}
]
}{
"binaries": [
{
"binary_version": "0.105-26ubuntu1.3",
"binary_name": "gir1.2-polkit-1.0"
},
{
"binary_version": "0.105-26ubuntu1.3",
"binary_name": "libpolkit-agent-1-0"
},
{
"binary_version": "0.105-26ubuntu1.3",
"binary_name": "libpolkit-gobject-1-0"
},
{
"binary_version": "0.105-26ubuntu1.3",
"binary_name": "policykit-1"
}
]
}{
"binaries": [
{
"binary_version": "0.105-33ubuntu0.1",
"binary_name": "gir1.2-polkit-1.0"
},
{
"binary_version": "0.105-33ubuntu0.1",
"binary_name": "libpolkit-agent-1-0"
},
{
"binary_version": "0.105-33ubuntu0.1",
"binary_name": "libpolkit-gobject-1-0"
},
{
"binary_version": "0.105-33ubuntu0.1",
"binary_name": "pkexec"
},
{
"binary_version": "0.105-33ubuntu0.1",
"binary_name": "policykit-1"
},
{
"binary_version": "0.105-33ubuntu0.1",
"binary_name": "polkitd"
}
],
"availability": "No subscription required"
}{
"binaries": [
{
"binary_version": "124-2ubuntu1.24.04.3",
"binary_name": "gir1.2-polkit-1.0"
},
{
"binary_version": "124-2ubuntu1.24.04.3",
"binary_name": "libpolkit-agent-1-0"
},
{
"binary_version": "124-2ubuntu1.24.04.3",
"binary_name": "libpolkit-gobject-1-0"
},
{
"binary_version": "124-2ubuntu1.24.04.3",
"binary_name": "pkexec"
},
{
"binary_version": "124-2ubuntu1.24.04.3",
"binary_name": "policykit-1"
},
{
"binary_version": "124-2ubuntu1.24.04.3",
"binary_name": "polkitd"
},
{
"binary_version": "124-2ubuntu1.24.04.3",
"binary_name": "polkitd-pkla"
}
],
"availability": "No subscription required"
}{
"binaries": [
{
"binary_version": "126-2ubuntu0.1",
"binary_name": "gir1.2-polkit-1.0"
},
{
"binary_version": "126-2ubuntu0.1",
"binary_name": "libpolkit-agent-1-0"
},
{
"binary_version": "126-2ubuntu0.1",
"binary_name": "libpolkit-gobject-1-0"
},
{
"binary_version": "126-2ubuntu0.1",
"binary_name": "pkexec"
},
{
"binary_version": "126-2ubuntu0.1",
"binary_name": "polkitd"
}
],
"availability": "No subscription required"
}{
"binaries": [
{
"binary_version": "0.105-4ubuntu3.14.04.6+esm1",
"binary_name": "gir1.2-polkit-1.0"
},
{
"binary_version": "0.105-4ubuntu3.14.04.6+esm1",
"binary_name": "libpolkit-agent-1-0"
},
{
"binary_version": "0.105-4ubuntu3.14.04.6+esm1",
"binary_name": "libpolkit-backend-1-0"
},
{
"binary_version": "0.105-4ubuntu3.14.04.6+esm1",
"binary_name": "libpolkit-gobject-1-0"
},
{
"binary_version": "0.105-4ubuntu3.14.04.6+esm1",
"binary_name": "policykit-1"
}
]
}{
"binaries": [
{
"binary_version": "0.105-14.1ubuntu0.5+esm1",
"binary_name": "gir1.2-polkit-1.0"
},
{
"binary_version": "0.105-14.1ubuntu0.5+esm1",
"binary_name": "libpolkit-agent-1-0"
},
{
"binary_version": "0.105-14.1ubuntu0.5+esm1",
"binary_name": "libpolkit-backend-1-0"
},
{
"binary_version": "0.105-14.1ubuntu0.5+esm1",
"binary_name": "libpolkit-gobject-1-0"
},
{
"binary_version": "0.105-14.1ubuntu0.5+esm1",
"binary_name": "policykit-1"
}
]
}