"GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability"
GitHub has disclosed details of an easy-to-exploit Linux vulnerability, classified as high in severity and tracked as CVE-2021-3560. Exploiting this flaw can allow privileges to be escalated to root on a targeted system. The flaw affects polkit, an authorization service that exists in many Linux distributions. Polkit is a system service designed to control system-wide privileges, giving non-privileged processes a way to communicate with privileged processes. The flaw was introduced seven years ago in polkit version 0.113 but was only recently discovered by Kevin Backhouse, a security researcher at GitHub Security Lab. Many of the most popular Linux distributions did not ship with the vulnerable version until recently. Any Linux system shipped with polkit 0.113 or later installed is exposed to attacks. This article continues to discuss the severity and potential exploitation of the Linux system service flaw.
SecurityWeek reports "GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability"