
Polkit Vulnerability in Linux OS | CVE-2021-4034 | Pkexec Application | Pwnkit

Polkit is a package that defines and handles the policies that allow unprivileged processes to communicate with privileged processes on a Linux OS. Pkexec is an application, part of Polkit, that allows a user to execute commands as another user (similar to sudo) on a Linux system. The current version of Pkexec allows the user to execute arbitrary code by passing a crafted argument, which lets a non-privileged user bypass any policies or authentication on any Linux OS and execute commands as the “root” user.

Impact: This vulnerability can’t be easily exploited unless the attacker already has access to a user account on the Linux system. So the fewer user accounts a system has, the less chance there is of attackers exploiting this vulnerability.
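
To gauge this exposure on a host, the following added example (not part of the original post) reports whether pkexec still carries the setuid bit and how many accounts have a login shell. The default path /usr/bin/pkexec, the function names and the login-shell heuristic are assumptions, and the script does not tell you whether the installed polkit package is patched.

```shell
#!/bin/sh
# Added example: exposure audit for pkexec (CVE-2021-4034).
# Assumed defaults: pkexec at /usr/bin/pkexec, accounts in /etc/passwd.

# Succeeds if the file exists and has the setuid bit set.
# pkexec is normally installed setuid root, which is what makes a
# flaw in it a local privilege escalation.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Print the names of accounts in a passwd-format file ($1) whose shell
# is not nologin/false. Heuristic only: it ignores locked passwords,
# and an empty shell field is counted because it defaults to /bin/sh.
login_accounts() {
    awk -F: 'NF == 7 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Print a one-line summary for the given pkexec path and passwd file.
audit_pkexec() {
    bin=${1:-/usr/bin/pkexec}
    passwd=${2:-/etc/passwd}
    if has_setuid "$bin"; then
        n=$(login_accounts "$passwd" | wc -l | tr -d ' ')
        echo "SETUID $bin login_accounts=$n"
    elif [ -e "$bin" ]; then
        echo "NOT-SETUID $bin"
    else
        echo "ABSENT $bin"
    fi
}

# Run against this host when executed directly.
audit_pkexec "$@"
```

A `SETUID` result means the package version must still be checked against the distribution's advisory; where the update cannot be installed yet, vendors published removing the setuid bit (`chmod 0755` on pkexec) as an interim mitigation.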