Last week, GitHub disclosed the details of an easily exploitable Linux vulnerability that lets a user on the target system elevate their privileges to root. The vulnerability is classified as high-risk and tracked as CVE-2021-3560. It affects polkit, the authorization service that is present by default in many Linux distributions.
This security vulnerability was discovered by Kevin Backhouse of the GitHub Security Lab. The researcher published a blog post detailing his findings and a video showing the vulnerability. A local, unprivileged attacker needs to execute only a few commands in a terminal to exploit this vulnerability and elevate their privileges to root. The vulnerability has been confirmed to affect some versions of Red Hat Enterprise Linux, Fedora, Debian, and Ubuntu. The patch for CVE-2021-3560 was released on June 3.
Backhouse said: “The bug I found was quite old. It was introduced seven years ago in commit bfa5036 and first shipped with polkit version 0.113. However, many of the most popular Linux distributions didn’t ship the vulnerable version until more recently.” It’s important that you update your Linux installations as soon as possible.