Loading...

XML

Word

Printable

Type: Security Vulnerability
Resolution: Fixed
Priority: Normal
Fix Version/s: None
Component/s: None
Labels:
- cve
- ebuild
- security

sys-auth/polkit has low severity CVE-2021-4115

you can find the best description here

https://gitlab.freedesktop.org/polkit/polkit/-/issues/141 authors claim its low severity
https://access.redhat.com/security/cve/cve-2021-4115 redhat marked it as medium severity

summary from NVD:
https://nvd.nist.gov/vuln/detail/CVE-2021-4115

There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned

state as of 2022-03-01:
NVD didnt evaluate it yet: https://nvd.nist.gov/vuln/detail/CVE-2021-4115

This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary.

relates to

FL-9355 sys-auth/polkit-0.120 degrades login functionality with SDDM and Enlightenment

Work Queue

FL-9489 KDE Plasma power options (restart, shutdown etc.) affected by polkit-0.120 update

Work Queue

Assignee:: mrl5

Reporter:: mrl5

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 01/Mar/22 1:27 PM

Updated:: 05/Mar/22 11:18 AM

Resolved:: 05/Mar/22 11:18 AM