CVE-2021-3560: A Newly Discover LPE that has been in Linux for 7 Years

GitHub recent published their findings on a vulnerability that has been in Linux for at least 7 years. This vulnerability is a local privilege escalation and may be the first of it’s kind found in what is a new class of vulnerabilities affecting all Linux systems using dbus.  From a user shell and attacker can gain root privileges through dbus using polkit. This affects the following popular Linux distros: Ubuntu 20.04 and Debian “Bullseye”, and RHEL 8.


Leave a Reply