CVE-2021-4034

Basic Information

CVE State
PUBLISHED
Reserved Date
November 29, 2021
Published Date
January 28, 2022
Last Updated
February 13, 2025
Vendor
n/a
Product
polkit
Description
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it'll induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2022-06-27 00:00:00 UTC)
Proof of Concept Available
Yes (added 2024-01-16 10:18:38 UTC)

Known Exploited Vulnerability Information

Source
CISA
Added Date
2022-06-27 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

cve_2021_4034_pwnkit_lpe_pkexec

Type: metasploit • Created: Unknown

Metasploit module for CVE-2021-4034

wechicken456/CVE-2021-4034-CTF-writeup

Type: github • Created: 2024-02-04 19:00:38 UTC • Stars: 2

Pol-Ruiz/CVE-2021-4034

Type: github • Created: 2024-01-16 10:18:38 UTC • Stars: 0

Pixailz/CVE-2021-4034

Type: github • Created: 2022-10-10 22:56:09 UTC • Stars: 2

polkit priv esc: pkexec out of boundary exploit

TanmoyG1800/CVE-2021-4034

Type: github • Created: 2022-06-03 17:03:44 UTC • Stars: 0

TheJoyOfHacking/berdav-CVE-2021-4034

Type: github • Created: 2022-03-23 11:08:20 UTC • Stars: 4

LJP-TW/CVE-2021-4034

Type: github • Created: 2022-02-17 13:17:07 UTC • Stars: 2

pkexec EoP exploit

ck00004/CVE-2021-4034

Type: github • Created: 2022-02-15 02:34:48 UTC • Stars: 28

CVE-2021-4034 version usable on CentOS 8

x04000/CVE-2021-4034

Type: github • Created: 2022-02-13 11:37:43 UTC • Stars: 3

A simple PWNKIT file to convert you to root

rvizx/CVE-2021-4034

Type: github • Created: 2022-02-04 18:31:15 UTC • Stars: 8

PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec in Python

Ankit-Ojha16/CVE-2021-4034

Type: github • Created: 2022-02-02 09:26:24 UTC • Stars: 0

navisec/CVE-2021-4034-PwnKit

Type: github • Created: 2022-01-30 03:08:51 UTC • Stars: 5

PwnKit PoC for Polkit pkexec CVE-2021-4034

sofire/polkit-0.96-CVE-2021-4034

Type: github • Created: 2022-01-29 06:54:49 UTC • Stars: 8

centos 6.10 rpm to fix polkit CVE-2021-4034; CentOS 6.10 RPM package that fixes the CVE-2021-4034 vulnerability

NeonWhiteRabbit/CVE-2021-4034

Type: github • Created: 2022-01-28 18:12:54 UTC • Stars: 18

Pwnkit Exploit (CVE-2021-4034), no download capability? Copy and paste it!

Kirill89/CVE-2021-4034

Type: github • Created: 2022-01-28 15:16:44 UTC • Stars: 6

pkexec (Polkit) exploit of Privilege Escalation vulnerability CVE-2021-4034

Rvn0xsy/CVE-2021-4034

Type: github • Created: 2022-01-28 15:13:28 UTC • Stars: 97

CVE-2021-4034 Add Root User - Pkexec Local Privilege Escalation

Yakumwamba/POC-CVE-2021-4034

Type: github • Created: 2022-01-28 13:04:22 UTC • Stars: 5

NeonWhiteRabbit/CVE-2021-4034-BASH-One-File-Exploit

Type: github • Created: 2022-01-28 03:58:34 UTC • Stars: 2

CVE-2021-4034 - One line in the terminal for an instant priv esc to boxes that are vulnerable. See usage.

EstamelGG/CVE-2021-4034-NoGCC

Type: github • Created: 2022-01-28 02:54:38 UTC • Stars: 79

Simple optimization of CVE-2021-4034 to handle target environments that do not have gcc and make installed

c3c/CVE-2021-4034

Type: github • Created: 2022-01-27 17:43:24 UTC • Stars: 25

Pre-compiled builds for CVE-2021-4034

deoxykev/CVE-2021-4034-Rust

Type: github • Created: 2022-01-27 16:28:56 UTC • Stars: 2

Linux LPE using polkit-1 written in Rust.

locksec/CVE-2021-4034

Type: github • Created: 2022-01-27 16:15:21 UTC • Stars: 2

Exploit PoC for the polkit pkexec (PWNKIT) vulnerability

PwnFunction/CVE-2021-4034

Type: github • Created: 2022-01-27 14:43:57 UTC • Stars: 344

Proof of concept for pwnkit vulnerability

Plethore/CVE-2021-4034

Type: github • Created: 2022-01-27 10:05:09 UTC • Stars: 0

Python exploit for CVE-2021-4034

thatstraw/CVE-2021-4034

Type: github • Created: 2022-01-27 09:35:54 UTC • Stars: 2

NiS3x/CVE-2021-4034

Type: github • Created: 2022-01-27 08:28:56 UTC • Stars: 1

PoC CVE 2021-4034 PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec

Al1ex/CVE-2021-4034

Type: github • Created: 2022-01-27 02:27:15 UTC • Stars: 4

Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

cd80-ctf/CVE-2021-4034

Type: github • Created: 2022-01-27 01:14:11 UTC • Stars: 2

A simple proof-of-concept for CVE-2021-4034 (pkexec local privilege escalation)

nobelh/CVE-2021-4034

Type: github • Created: 2022-01-26 20:32:10 UTC • Stars: 0

Polkit pkexec CVE-2021-4034 Proof Of Concept and Patching

Anonymous-Family/CVE-2021-4034

Type: github • Created: 2022-01-26 18:53:47 UTC • Stars: 2

Linux system service bug gives root on all major distros, exploit published. A vulnerability in the pkexec component of Polkit identified as CVE-2021-4034 PwnKit is present in the default configuration of all major Linux distributions and can be exploited to gain privileges over the compj researchers.

joeammond/CVE-2021-4034

Type: github • Created: 2022-01-26 17:53:16 UTC • Stars: 165

Python exploit code for CVE-2021-4034 (pwnkit)

dadvlingd/CVE-2021-4034

Type: github • Created: 2022-01-26 16:43:18 UTC • Stars: 19

whokilleddb/CVE-2021-4034

Type: github • Created: 2022-01-26 16:18:10 UTC • Stars: 4

An exploit for CVE-2021-4034 aka Pwnkit: Local Privilege Escalation in polkit's pkexec

chenaotian/CVE-2021-4034

Type: github • Created: 2022-01-26 10:58:23 UTC • Stars: 11

CVE-2021-4034 POC and Docker and Analysis write up

zhzyker/CVE-2021-4034

Type: github • Created: 2022-01-26 07:19:21 UTC • Stars: 45

polkit pkexec Local Privilege Vulnerability to Add custom commands

ayypril/CVE-2021-4034

Type: github • Created: 2022-01-26 05:42:40 UTC • Stars: 1

An00bRektn/CVE-2021-4034

Type: github • Created: 2022-01-26 04:58:16 UTC • Stars: 11

A Golang implementation of clubby789's implementation of CVE-2021-4034

Y3A/CVE-2021-4034

Type: github • Created: 2022-01-26 04:05:50 UTC • Stars: 4

Ayrx/CVE-2021-4034

Type: github • Created: 2022-01-26 03:33:47 UTC • Stars: 93

Exploit for CVE-2021-4034

mebeim/CVE-2021-4034

Type: github • Created: 2022-01-26 03:20:18 UTC • Stars: 28

CVE-2021-4034: Local Privilege Escalation in polkit's pkexec proof of concept

nikaiw/CVE-2021-4034

Type: github • Created: 2022-01-26 02:02:25 UTC • Stars: 62

PoC for CVE-2021-4034

Audiobahn/CVE-2021-4034

Type: github • Created: 2022-01-26 01:09:32 UTC • Stars: 9

CVE-2021-4034 🎧

arthepsy/CVE-2021-4034

Type: github • Created: 2022-01-26 00:56:36 UTC • Stars: 1078

PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)

gbrsh/CVE-2021-4034

Type: github • Created: 2022-01-26 00:53:19 UTC • Stars: 2

clubby789/CVE-2021-4034

Type: github • Created: 2022-01-26 00:28:52 UTC • Stars: 6

berdav/CVE-2021-4034

Type: github • Created: 2022-01-25 23:51:37 UTC • Stars: 1990

CVE-2021-4034 1day

ryaagard/CVE-2021-4034

Type: github • Created: 2022-01-25 23:11:30 UTC • Stars: 72

Local Privilege Escalation in polkit's pkexec