VDB
CVE-2021-3560
CVE-2021-3560
PUBLISHED
KEV
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
EPSS 9.10% · 92.8th percentile
Risk Scores
EPSS Score
9.10%
92.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | policykit-1 | 0 |
| Ubuntu:20.04:LTS | policykit-1 | 0, 0.105-26ubuntu1 |
Exploit Intelligence
- Повышение привилегий через race condition в polkit (github-poc-repo)
- Повышение привилегий через race condition в polkit (github-poc-repo)
- Повышение привилегий через race condition в polkit (github-poc-repo)
- Повышение привилегий через race condition в polkit (github-poc-repo)
- Повышение привилегий через race condition в polkit (github-poc-repo)
- Повышение привилегий через race condition в polkit (github-poc-repo)
- Повышение привилегий через race condition в polkit (github-poc-repo)
- Повышение привилегий через race condition в polkit (github-poc)
- Повышение привилегий через race condition в polkit (github-poc)
- Повышение привилегий через race condition в polkit (github-poc)
…and 361 more exploits
Timeline
- Jun 3, 2021 CVE Published
- Jun 15, 2021 PoC Published
- Jul 10, 2021 PoC Published
- Feb 17, 2022 EPSS Score
- Jul 15, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 12, 2023 CISA KEV Added
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Apr 14, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-3560 third-party-advisory
- https://ubuntu.com/security/notices/USN-4980-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-3560 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory