The polkit local privilege escalation bug (tracked as CVE-2021-3560) was publicly disclosed and a fix was released on June 3, 2021. Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. The vulnerability was introduced seven years ago in version 0.113 and was only recently discovered by GitHub Security Lab security researcher Kevin Backhouse. Backhouse says the vulnerability is “very simple and quick to exploit
Source: