VYPR

Polkit

by Xorg

CVEs (3)

  • CVE-2016-2568 | High | Feb 13, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

  • CVE-2026-4897 | Med | Mar 26, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of…

  • CVE-2019-6133 | Jan 11, 2019
    risk 0.00 | cvss | epss 0.00

    In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.