CVE-2021-4034

Name: CVE-2021-4034
Creator: NVD / NIST
Published: 2022-01-28T20:15:12.193+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10Actively ExploitedEPSS 94.92%

Last modified Jun 17, 2026

CVE-2021-4034 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. CISA has confirmed active exploitation in the wild. EPSS estimates a 94.92% chance of exploitation in the next 30 days.

Description

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

94.92%

99.9th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Jul 18, 2022.

Weakness Enumeration

Affected Software

Vendor	Product	Versions	Update
Polkit Project	Polkit	< 121	—
Redhat	Enterprise Linux Server Update Services For Sap Solutions	7.6	—
Redhat	Enterprise Linux Server Update Services For Sap Solutions	7.7	—
Redhat	Enterprise Linux	8.0	—
Redhat	Enterprise Linux Desktop	7.0	—
Redhat	Enterprise Linux Eus	8.2	—
Redhat	Enterprise Linux For Ibm Z Systems	7.0	—
Redhat	Enterprise Linux For Ibm Z Systems	8.0	—
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.2	—
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.4	—
Redhat	Enterprise Linux For Power Big Endian	7.0	—
Redhat	Enterprise Linux For Power Little Endian	7.0	—
Redhat	Enterprise Linux For Power Little Endian	8.0	—
Redhat	Enterprise Linux For Power Little Endian Eus	8.1	—
Redhat	Enterprise Linux For Power Little Endian Eus	8.2	—
Redhat	Enterprise Linux For Power Little Endian Eus	8.4	—
Redhat	Enterprise Linux For Scientific Computing	7.0	—
Redhat	Enterprise Linux Server	6.0	—
Redhat	Enterprise Linux Server	7.0	—
Redhat	Enterprise Linux Server Aus	7.3	—
Redhat	Enterprise Linux Server Aus	7.4	—
Redhat	Enterprise Linux Server Aus	7.6	—
Redhat	Enterprise Linux Server Aus	7.7	—
Redhat	Enterprise Linux Server Aus	8.2	—
Redhat	Enterprise Linux Server Aus	8.4	—
Redhat	Enterprise Linux Server Eus	8.4	—
Redhat	Enterprise Linux Server Tus	7.6	—
Redhat	Enterprise Linux Server Tus	7.7	—
Redhat	Enterprise Linux Server Tus	8.2	—
Redhat	Enterprise Linux Server Tus	8.4	—
Redhat	Enterprise Linux Server Update Services For Sap Solutions	8.1	—
Redhat	Enterprise Linux Server Update Services For Sap Solutions	8.2	—
Redhat	Enterprise Linux Server Update Services For Sap Solutions	8.4	—
Redhat	Enterprise Linux Workstation	7.0	—
Canonical	Ubuntu Linux	14.04	—
Canonical	Ubuntu Linux	16.04	—
Canonical	Ubuntu Linux	18.04	—
Canonical	Ubuntu Linux	20.04	—
Canonical	Ubuntu Linux	21.10	—
Suse	Enterprise Storage	7.0	—
Suse	Linux Enterprise High Performance Computing	15.0	Sp2
Suse	Manager Proxy	4.1	—
Suse	Manager Server	4.1	—
Suse	Linux Enterprise Desktop	15	Sp2
Suse	Linux Enterprise Server	15	Sp2
Suse	Linux Enterprise Workstation Extension	12	Sp5
Oracle	Http Server	12.2.1.3.0	—
Oracle	Http Server	12.2.1.4.0	—
Oracle	Zfs Storage Appliance Kit	8.8	—
Siemens	Sinumerik Edge	< 3.3.0	—

Showing 50 of 53 affected configurations. See NVD for the full list.

References

http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.htmlThird Party Advisory, VDB Entry
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001Mitigation, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2025869Issue Tracking, Patch
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdfThird Party Advisory
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683Patch
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txtExploit, Mitigation, Third Party Advisory
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/Exploit, Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220818-0001/Third Party Advisory
https://www.suse.com/support/kb/doc/?id=000020564Third Party Advisory
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.htmlExploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.htmlThird Party Advisory, VDB Entry
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001Mitigation, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2025869Issue Tracking, Patch
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdfThird Party Advisory
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683Patch
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txtExploit, Mitigation, Third Party Advisory
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/Exploit, Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220818-0001/Third Party Advisory
https://www.suse.com/support/kb/doc/?id=000020564Third Party Advisory
https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034Exploit, Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034US Government Resource

Timeline

Published: Jan 28, 2022
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2021-4034?

How severe is CVE-2021-4034?

CVE-2021-4034 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 94.92% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2021-4034?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-4034?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST