

Two critical vulnerabilities have been reported:

  • A vulnerability in the Linux kernel (CVE-2022-0185) that may allow unprivileged users to gain root access.
  • A vulnerability in polkit (CVE-2021-4034): a local privilege escalation vulnerability found in polkit's pkexec utility.


The actions required are listed below, divided according to the operating system used.

Actions required/recommended


IMPORTANT

CVE-2021-4034 (polkit) affects all operating systems, and the update, or the mitigation, must be applied within 1 week. Note that the polkit update may cause problems on containerized applications. Please carefully read and apply the steps detailed below.

CVE-2022-0185 (kernel) affects CentOS 8 and derivatives, and Ubuntu 20.04. It is particularly dangerous on multi-user instances, on which the update must be applied within 1 week.


Instructions for CentOS Stream 8 and above

Please issue the command:

$ uname -a

If the reported kernel version is less than XXX, then you are affected by CVE-2022-0185.

To update the kernel, please issue the following command (don’t worry if the command doesn’t update any package: the newer kernel may already have been installed by an automatic update system):

$ sudo XXXXX*

To enable the use of the new kernel, a reboot is needed:

$ sudo reboot

After the system restart, please run the “uname -a” command again to check the kernel version in use.
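Added here as a worked example (not part of the original advisory): a POSIX shell script that compares the running kernel release reported by uname with a required release (a placeholder, since this page leaves the fixed version as XXX) and checks whether pkexec is still setuid, the bit whose removal the referenced Red Hat bulletin [R5] gives as the mitigation for CVE-2021-4034. The version comparison is numeric field by field, so it handles both CentOS (4.18.0-348.7.1.el8_5) and Ubuntu (5.4.0-96-generic) release strings.

```sh
#!/bin/sh
# Added example, not part of the original advisory.

# Placeholder: take the fixed kernel release for your distribution from the
# errata; the advisory above leaves this value as XXX.
REQUIRED_KERNEL="X.Y.Z-REPLACE_ME"

# Return 0 if release $1 is older than release $2, 1 otherwise.
# Only numeric fields are compared (4.18.0-348.7.1.el8_5 -> 4 18 0 348 7 1);
# the distribution suffix starting at the first letter is ignored.
kernel_is_older_than() {
    kio_cur=$(printf '%s' "${1%%[a-zA-Z]*}" | tr -c '0-9' ' ')
    kio_req=$(printf '%s' "${2%%[a-zA-Z]*}" | tr -c '0-9' ' ')
    set -- $kio_cur
    for kio_r in $kio_req; do
        kio_c=${1:-0}                     # missing trailing fields count as 0
        [ $# -gt 0 ] && shift
        [ "$kio_c" -lt "$kio_r" ] && return 0
        [ "$kio_c" -gt "$kio_r" ] && return 1
    done
    return 1                              # equal, or current has extra fields
}

# Return 0 if $1 (default /usr/bin/pkexec) is setuid, 1 if not, 2 if missing.
# Removing the setuid bit is the mitigation the referenced Red Hat bulletin
# [R5] describes for CVE-2021-4034.
pkexec_is_setuid() {
    pis_path=${1:-/usr/bin/pkexec}
    [ -e "$pis_path" ] || return 2
    [ -u "$pis_path" ]
}

report() {
    running=$(uname -r)
    if kernel_is_older_than "$running" "$REQUIRED_KERNEL"; then
        echo "kernel $running < $REQUIRED_KERNEL: update and reboot (CVE-2022-0185)"
    else
        echo "kernel $running is at or above $REQUIRED_KERNEL"
    fi
    rc=0
    pkexec_is_setuid || rc=$?
    case $rc in
        0) echo "pkexec is setuid root: apply the polkit update or mitigation" ;;
        1) echo "pkexec is not setuid: CVE-2021-4034 mitigation in place" ;;
        *) echo "pkexec not found on this host" ;;
    esac
}
report
```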



References

[R1] https://access.redhat.com/security/cve/CVE-2022-0185 

[R2] https://access.redhat.com/errata/RHSA-2022:0188 

[R3] https://www.openwall.com/lists/oss-security/2022/01/18/7 

[R4] https://access.redhat.com/security/cve/CVE-2021-4034 

[R5] https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 

[R6] https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt 
