A 12-year-old vulnerability in the Linux kernel has been exploited by hackers to grant them root access to systems. The vulnerability, which was first identified in March of this year, affects the way that Linux handles input from certain devices. By exploiting the vulnerability, attackers can gain access to systems and data that is protected by the user’s login credentials.
The vulnerability was discovered by researchers at Red Hat who released a patch for it in early May. However, because many distributions do not automatically apply updates to their kernels, many systems are still vulnerable. In a blog post published on Thursday, Red Hat warned that “Linux users are highly exposed” to attacks based on the vulnerability and urged them to update their systems as soon as possible.
The exploit used in this particular attack is known as “Dirty COW.” It is a well-known exploit technique that allows attackers to take control of systems by exploiting vulnerabilities in applications that run on top of the Linux kernel. Dirty COW exploits have been used in a number of high-profile attacks over the past few years, including attacks against Google and Twitter last year and an attack against Sony Pictures last month.
This latest attack demonstrates just how vulnerable Linux systems are even when they are updated with security patches. In light of this incident, it is important for system administrators to keep an eye on their networks and make sure that all devices connected to them are up-to-date with security patches.
According to researchers at Qualys, this Polkit vulnerability is in the default configuration of all major Linux distributions. It can be used to gain full root access to a system, which can open up a whole new world of problems.
“The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration,” said Bharat Jogi, Director, Vulnerability and Threat Research, Qualys.
The bug is called CVE-2021-4034 or PwnKit, and it’s definitely something you want to watch out for if you’re a Linux user. The issue isn’t part of the Linux kernel itself, but part of the Polkit software that’s installed on almost every major distro.
You can read all of the technical details about the exploit on the Qualys website if you want to know more about how it works.
Thankfully, several of the major Linux distros have already started rolling out updates to fix the exploit. Both Ubuntu and Debian 11 have received patches, and we expect others to follow in short order. Regardless of what Linux distro you use, run its update tool as soon as you can so that you have the latest version with the fix for this exploit.
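To inventory hosts before and after updating, the script below (an added example, not taken from Qualys or any distro) reports whether pkexec is present as a SUID-root binary and which polkit package version is installed, so the version can be compared with your distro's advisory. The search paths and the package names `policykit-1` and `polkit` are assumptions; adjust them for your distribution.

```shell
#!/bin/sh
# Added example: report pkexec's SUID state and the installed polkit version.
# A "suid-root" result only means the binary is installed the way the advisory
# describes; whether it is patched depends on the package version.

# classify_pkexec PATH -> absent | suid-root | suid-nonroot | no-suid
classify_pkexec() {
    f=$1
    [ -e "$f" ] || { echo absent; return 0; }
    if [ -u "$f" ]; then
        # Third field of `ls -ldn` is the numeric owner uid.
        owner=$(ls -ldn -- "$f" | awk '{print $3}')
        if [ "$owner" = "0" ]; then echo suid-root; else echo suid-nonroot; fi
    else
        echo no-suid
    fi
}

# polkit_pkg_version -> installed package version, or "unknown".
# Package names are assumptions: policykit-1 (dpkg), polkit (rpm).
polkit_pkg_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}' policykit-1 2>/dev/null) \
            && [ -n "$v" ] && { echo "$v"; return 0; }
    fi
    if command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q polkit 2>/dev/null) && { echo "$v"; return 0; }
    fi
    echo unknown
}

# audit_pkexec PATH... -> one line per binary found, then the package version.
audit_pkexec() {
    found=0
    for p in "$@"; do
        state=$(classify_pkexec "$p")
        [ "$state" = absent ] && continue
        found=1
        printf '%s: %s\n' "$p" "$state"
    done
    [ "$found" -eq 1 ] || echo "pkexec not found in: $*"
    printf 'polkit package version: %s\n' "$(polkit_pkg_version)"
}

# Assumed install locations.
audit_pkexec /usr/bin/pkexec /usr/local/bin/pkexec
```

Run it again after the distro update; the package version line should change even though the SUID state stays the same.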