8.5 is not affected by polkit?

I tried two exploit codes; neither of them works.

And I also checked with Red Hat; 8.5 is not in the affected list:


Just want to make sure, 8.5 is not affected?

8.5 was affected. Red Hat Customer Portal - Access to 24x7 support and knowledge

The updated packages have el8_5 in them, which means they were released during 8.5’s cycle.

That now shows that the state of Red Hat Enterprise Linux 8 is Fixed.
It was Affected initially and was updated to Fixed when new polkit packages were released as RHSA-2022:0267 (link in nazunalika’s comment).
After the release of the update for RHEL 8.5, the Rocky team rebuilt and released a fixed version of polkit for Rocky 8.

You clearly have a good update procedure since your system got the new polkit before you tested for the vulnerability. :+1:


No, I am still on the old version.

# rpm -qa|grep polkit

The fixed version is polkit-0.115-13.el8_5.1.x86_64.rpm

Have you tried the exploit code on 8.5?

Below is the test result on my server:

$ ./a.out
[~] compile helper..
[~] maybe get shell now?
Cannot run program lol: No such file or directory

No, I install updates when they are available.

8.5 is affected. See RLSA-2022:267 (See https://errata.almalinux.org)

Yes, I also think it should be affected.
I don’t understand why the exploit code doesn’t work on my server.

Ok, I figured out the cause.
The old code missed “GIO_USE_VFS=”
Updated the code from GitHub - berdav/CVE-2021-4034: CVE-2021-4034 1day, and now it works :slight_smile:

/tmp/CVE-2021-4034 $ ./cve-2021-4034
sh-4.4# id
uid=0(root) gid=0(root) groups=0(root),1000(rain)

I have reproduced the bug on Rocky 8.5.
And after the upgrade, the bug was fixed.

/tmp/CVE-2021-4034 $ ./cve-2021-4034
pkexec --version |
       --help |
       --disable-internal-agent |
       [--user username] [PROGRAM] [ARGUMENTS...]

See the pkexec manual page for more details.

Report bugs to: http://lists.freedesktop.org/mailman/listinfo/polkit-devel
polkit home page: <http://www.freedesktop.org/wiki/Software/polkit>
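An added example, not part of the thread: as the exchange above shows, a failed exploit run does not prove a host is patched, so this sketch compares the installed polkit build against the fixed build quoted in the thread (polkit-0.115-13.el8_5.1). The function names and the sample `rpm -qa | grep polkit` lines are constructed for illustration, and the comparison is a simplified rpm-style segment compare that assumes no epoch and no `~` or `^` in the version strings.

```python
import re

# Fixed build as quoted in the thread for 8.5.
FIXED = "polkit-0.115-13.el8_5.1.x86_64.rpm"

def parse_nvra(pkg):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    nvr, _arch = pkg.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def vercmp(a, b):
    """rpm-style segment compare, returns -1, 0 or 1 (no '~' or '^' handling)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(pkg, fixed=FIXED):
    """True if pkg's version-release is at or above the fixed build."""
    _, ver, rel = parse_nvra(pkg)
    _, fver, frel = parse_nvra(fixed)
    return (vercmp(ver, fver) or vercmp(rel, frel)) >= 0

def audit(rpm_lines):
    """Classify only the 'polkit' package; polkit-libs etc. are skipped."""
    out = {}
    for line in rpm_lines:
        line = line.strip()
        if line and parse_nvra(line)[0] == "polkit":
            out[line] = "fixed" if is_fixed(line) else "below-fix"
    return out

# Constructed sample of `rpm -qa | grep polkit` output (not from the thread).
SAMPLE = """\
polkit-libs-0.115-12.el8.x86_64
polkit-pkla-compat-0.1-12.el8.x86_64
polkit-0.115-12.el8.x86_64
""".splitlines()

if __name__ == "__main__":
    for pkg, state in audit(SAMPLE).items():
        print(f"{pkg}: {state}")
```

On a real host, feed `audit()` the lines printed by `rpm -qa | grep polkit`; the threshold applies only to the 8.5 build named in the thread.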