Monday 14 June 2021
The impact of this issue announcement is high. Please act accordingly to rectify the issue, as stated below.
What you need to know:
Discovered by GitHub Security research, unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system (CVE-2021-3560), a service installed by default on most modern Linux distros.
Linux distros using polkit service
Actions to be taken:
Administrators are encouraged to look at the technical documentation of the polkit security flaw in https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/ along with the affected distros, as well as its upgrades.