GitHub recent published their findings on a vulnerability that has been in Linux for at least 7 years. This vulnerability is a local privilege escalation and may be the first of it’s kind found in what is a new class of vulnerabilities affecting all Linux systems using dbus. From a user shell and attacker can gain root privileges through dbus using polkit. This affects the following popular Linux distros: Ubuntu 20.04 and Debian “Bullseye”, and RHEL 8.
- GitHub’s Writeup: t.ly/4F0U