oss-sec mailing list archives

CVE-2021-4115: polkit: file descriptor leak allows an unprivileged user to cause a crash.


From: Devon Thompson <devthomp () redhat com>
Date: Thu, 17 Feb 2022 16:35:38 -0500

Description:
There is an error handling flaw in polkit which can allow an unprivileged user to cause polkit to crash.
The crash happens due to process file descriptor exhaustion.
NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned.


References:
https://access.redhat.com/security/cve/cve-2021-4115
https://bugzilla.redhat.com/show_bug.cgi?id=2054127
https://pkgs.devel.redhat.com/cgit/rpms/polkit/commit/?h=rhel-8.6.0&id=a71b0b5bb6624858a16bfbc1e721757b243709c6
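
A monitoring check for the descriptor-exhaustion failure mode described above, added here as an example and not part of the original post or of polkit: it compares a process's open file descriptor count with its soft limit as reported under /proc. The function names, the PROC_ROOT override and the alert threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report how close a process is to its open-file limit.
# PROC_ROOT is an assumption of this example; overriding it lets the logic
# be exercised on a constructed directory tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# fd_usage PID
# Prints "open soft_limit percent"; returns 1 if the process cannot be read
# or its limit is not a positive number (for example "unlimited").
fd_usage() {
    pid_dir="$PROC_ROOT/$1"
    [ -d "$pid_dir/fd" ] && [ -r "$pid_dir/fd" ] && [ -r "$pid_dir/limits" ] || return 1
    # Each entry in fd/ is one open descriptor of the process.
    open=$(ls -1 "$pid_dir/fd" 2>/dev/null | wc -l | tr -d ' ')
    # In the "Max open files" row, the fourth field is the soft limit.
    soft=$(awk '/^Max open files/ {print $4}' "$pid_dir/limits")
    case "$soft" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$soft" -gt 0 ] || return 1
    echo "$open $soft $((open * 100 / soft))"
}

# fd_alert PID THRESHOLD_PERCENT
# Returns 0 when usage is at or above the threshold, 1 when below,
# 2 when the process could not be inspected.
fd_alert() {
    usage=$(fd_usage "$1") || return 2
    pct=${usage##* }
    [ "$pct" -ge "$2" ]
}
```

Reading another user's /proc/PID/fd requires root, so run it as root, for example `fd_alert "$(pidof polkitd)" 80`. A count that keeps climbing toward the soft limit between samples is the signal to investigate before the daemon fails.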
