PwnKit (CVE-2021-4034)
PwnKit is the polkit pkexec local privilege escalation that affected essentially every Linux distribution since 2009 — a 12-year-old root bug.
Definition
PwnKit (CVE-2021-4034) is a local privilege escalation in polkit's `pkexec` utility, present in virtually every Linux distribution since polkit's 2009 release. The bug is in `pkexec`'s argument-handling logic: invoking `pkexec` with an empty `argv` makes it read past the end of the argument array into the environment variables, and a follow-on write back into that memory lets an unprivileged user inject an environment variable that `pkexec` honours, at which point the user gains root.
PwnKit is a textbook case of a bug hiding in plain sight: trivial to weaponise, present everywhere, undiscovered for 12 years.
Mitigation
Patch polkit. As a workaround, removing the setuid bit from `pkexec` blocks exploitation.
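A small audit script for the workaround above, added here as an example and not part of the original entry: it reports whether a `pkexec` binary still carries the setuid bit and can strip it. The function names and the list of install locations are assumptions; stripping the bit on the real binary requires root and is only a stopgap until polkit is patched.

```shell
#!/bin/sh
# Added example (not from the original page): check whether pkexec is still
# setuid root, the condition the PwnKit workaround removes, and optionally
# apply that workaround. POSIX sh; paths are parameters so the functions can
# be exercised on a copy or a scratch file instead of the real binary.

# Print "setuid" if the file at $1 has the set-user-ID bit, "hardened" if it
# does not, or "missing" if there is no such file.
pkexec_setuid_status() {
    path="$1"
    if [ ! -e "$path" ]; then
        echo missing
        return 0
    fi
    if [ -u "$path" ]; then
        echo setuid
    else
        echo hardened
    fi
}

# Workaround from the text: remove the setuid bit, then report the new state.
# Needs root for the real /usr/bin/pkexec; the package still needs patching.
pkexec_remove_setuid() {
    chmod u-s "$1" || return 1
    pkexec_setuid_status "$1"
}

# Audit the installed pkexec: whatever is on PATH plus common install
# locations (constructed list; adjust for your distribution).
audit_pkexec() {
    found=$(command -v pkexec 2>/dev/null)
    for p in $found /usr/bin/pkexec /usr/libexec/polkit-1/pkexec; do
        printf '%s: %s\n' "$p" "$(pkexec_setuid_status "$p")"
    done | sort -u
}

audit_pkexec
```

Run it as an unprivileged user to audit; re-run after patching polkit to confirm the packaged binary is back in its intended state.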