A privilege escalation vulnerability, CVE-2021-4034, has been discovered in polkit's pkexec utility, a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. A temporary mitigation is to remove the setuid bit from /usr/bin/pkexec.

A public exploit for this vulnerability is available. Details about this vulnerability are available in this SVG advisory.
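The temporary mitigation described above can be audited and applied with a small script. This is an added example, not part of the original advisory; the function names and the `--apply` flag are assumptions of this sketch, and the default path is the /usr/bin/pkexec named above.

```shell
#!/bin/sh
# Added example: audit and apply the temporary CVE-2021-4034 mitigation
# (clear the setuid bit on pkexec). Function names and --apply are illustrative.
# Usage: sh pkexec_mitigation.sh [--apply] [path]   (default: /usr/bin/pkexec)

# Return 0 if the file exists and has the setuid bit set.
has_setuid() {
    [ -u "$1" ]
}

# Print the state of the target: missing | setuid | mitigated
pkexec_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif has_setuid "$1"; then
        echo setuid
    else
        echo mitigated
    fi
}

# Clear the setuid bit, then verify it is really gone.
remove_setuid() {
    chmod u-s "$1" || return 1
    [ "$(pkexec_state "$1")" = mitigated ]
}

# Report the state; change the file only when --apply is given.
main() {
    apply=no
    if [ "${1:-}" = "--apply" ]; then apply=yes; shift; fi
    target=${1:-/usr/bin/pkexec}
    state=$(pkexec_state "$target")
    echo "$target: $state"
    if [ "$state" = setuid ] && [ "$apply" = yes ]; then
        if remove_setuid "$target"; then
            echo "$target: setuid bit removed"
        else
            echo "$target: could not remove setuid bit (run as root?)" >&2
            return 1
        fi
    fi
    return 0
}

main "$@"
```

With the setuid bit cleared, pkexec no longer works for unprivileged users, and a package reinstall or update can restore the bit, so re-run the audit after package changes.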