Medium severity6.7NVD Advisory· Published Jan 11, 2019· Updated Jun 17, 2026
CVE-2019-6133
CVE-2019-6133
Description
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
70- osv-coords68 versionspkg:rpm/opensuse/polkit&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/polkit&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/polkit&distro=openSUSE%20Tumbleweedpkg:rpm/suse/kernel-default&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/kernel-source&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/kernel-syms&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_39&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_39&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_39&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_36&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_36&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_36&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_36&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_36&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_36&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/polkit&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/polkit&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/polkit&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/polkit&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/polkit&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/polkit&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/polkit&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 0.114-lp151.5.3.1+ 67 more
- (no CPE)range: < 0.114-lp151.5.3.1
- (no CPE)range: < 0.114-lp151.5.3.1
- (no CPE)range: < 0.118-7.2
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.121-92.149.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 4.4.180-94.135.1
- (no CPE)range: < 1-3.3.1
- (no CPE)range: < 1-3.3.1
- (no CPE)range: < 1-3.3.1
- (no CPE)range: < 1-4.5.1
- (no CPE)range: < 1-4.5.1
- (no CPE)range: < 1-4.5.1
- (no CPE)range: < 1-4.5.1
- (no CPE)range: < 1-4.5.1
- (no CPE)range: < 1-4.5.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.114-3.9.1
- (no CPE)range: < 0.114-3.9.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
- (no CPE)range: < 0.113-5.18.1
Patches
Vulnerability mechanics
References
24- gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81nvdPatchThird Party Advisory
- gitlab.freedesktop.org/polkit/polkit/merge_requests/19nvdPatchThird Party Advisory
- www.securityfocus.com/bid/106537nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2019:0230nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:0420nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:0832nvdThird Party Advisory
- bugs.chromium.org/p/project-zero/issues/detailnvdIssue TrackingMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/01/msg00021.htmlnvdMailing ListThird Party Advisory
- support.f5.com/csp/article/K22715344nvdThird Party Advisory
- usn.ubuntu.com/3901-1/nvdThird Party Advisory
- usn.ubuntu.com/3901-2/nvdThird Party Advisory
- usn.ubuntu.com/3903-1/nvdThird Party Advisory
- usn.ubuntu.com/3903-2/nvdThird Party Advisory
- usn.ubuntu.com/3908-1/nvdThird Party Advisory
- usn.ubuntu.com/3908-2/nvdThird Party Advisory
- usn.ubuntu.com/3910-1/nvdThird Party Advisory
- usn.ubuntu.com/3910-2/nvdThird Party Advisory
- usn.ubuntu.com/3934-1/nvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.htmlnvd
- access.redhat.com/errata/RHSA-2019:2699nvd
- access.redhat.com/errata/RHSA-2019:2978nvd
- lists.debian.org/debian-lts-announce/2019/05/msg00041.htmlnvd
- lists.debian.org/debian-lts-announce/2019/05/msg00042.htmlnvd
- usn.ubuntu.com/3934-2/nvd
News mentions
0No linked articles in our index yet.