CVE-2021-4115: file descriptor leak allows an unprivileged user to cause a crash

[vmihalko]

In GitLab by @smcv on Feb 18, 2022, 10:44

This doesn't appear to have been fixed (or even reported) upstream yet.

• https://marc.info/?l=oss-security&m=164517122621782&w=2
• https://access.redhat.com/security/cve/cve-2021-4115
• https://bugzilla.redhat.com/show_bug.cgi?id=2054127
• https://pkgs.devel.redhat.com/cgit/rpms/polkit/commit/?h=rhel-8.6.0&id=a71b0b5bb6624858a16bfbc1e721757b243709c6 (I cannot access this but presumably the maintainer can)
• https://src.fedoraproject.org/rpms/polkit/c/0a203bd46a1e2ec8cc4b3626840e2ea9d0d13a9a?branch=rawhide

[vmihalko]

In GitLab by @smcv on Feb 18, 2022, 11:00

A patch is available via Fedora. I'm not providing a merge request right now because I don't know how to attribute it to an author. (Possibly @jrybar or Kevin Backhouse?)

[vmihalko]

In GitLab by @alanc on Feb 18, 2022, 20:21

According to https://securitylab.github.com/advisories/GHSL-2021-077-polkit/ this was reported as issue #141 here, but that's currently under restricted access.

[vmihalko]

In GitLab by @smcv on Feb 19, 2022, 24:14

Thanks, this is indeed the same issue as #141.

[vmihalko]

In GitLab by @jrybar on Feb 21, 2022, 09:07

Yeah, I had it prepped in confidential MR, but @halfline uncovered it while we already had weekend here in Europe.