CVE-2021-4115

Published Feb 21, 2022

Last updated a year ago

CVSS medium 5.5

Overview

Description: There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other
secalert@redhat.com: CWE-400

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:polkit_project:polkit:0.117:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54D39B43-A973-42A3-BD6E-F5613BBB9421"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References