PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
Priority: ● High
Status: In Progress - Undergoing Analysis
First Published: 2022 February 01
Advisory Version: 1.8
References: CVE-2021-4034
* Additional information from Qualys
Summary
The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s "pkexec", a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.
Affected Products
Vulnerable Products
Hitachi Vantara is currently investigating its product lines to determine if any are affected by this vulnerability. If any products or solutions are found to be impacted, they will be indicated in this section, in subsequent updates to this advisory, along with information regarding mitigations or fixed release versions (if such information is available at the time). Likewise, any products or solutions that have been confirmed not to be affected by the given vulnerability will be listed in the section below.
NOTE: If cited, product documentation, including product-specific Alerts and Technical Bulletins, are available to Hitachi Vantara customers logged into Support Connect.
| Product | Fixed Release Version |
| Network Attached Storage |
| External SMU (embedded SMU is not vulnerable) | For Mitigation and further information see the Technical Bulletin |
| Hitachi Unified Compute Platform (UCP) |
| UCP HC / CI / RS | Hitachi UCP solutions that use Linux-based operating systems are exposed to CVE-2021-4034. We strongly urge customers with these solutions to refer to vendors' respective advisories, in order to assess their risk for vulnerability and, if applicable and when available, implement their specified remediation: · Red Hat · SUSE · Oracle Linux |
| Software Products |
| Hitachi Ops Center Preconfigured Media Kits Only |
Hitachi Ops Center preconfigured Media Kits are built with Oracle Enterprise Linux, for which patches are now available. Please refer to Oracle's advisory for CVE-2021-4034 and, if applicable, please implement their specified remediation. |
| Content Products | |
| Content Platform S Series (2.1.x releases ONLY) | HCPS 2.1.x ships polkit, polkit-libs and polkit-pkla rpms packaged along with the FC based OS. (HCPS 2.2 and 3.x releases do not have any polkit related packages) |
| HCP for Cloud Scale | HCP-CS is affected by this CVE as it requires customers to have RHEL 8.1 installed as host OS, which has this vulnerability in its polkit / pkexec. |
Products Confirmed Not Vulnerable
* As this is an ongoing investigation across all Hitachi Vantara product lines, please note that products may be reclassified as vulnerable as they continue to be evaluated for risk
| Product | Notes / Fixed Release Version |
| Network Attached Storage |
| HNAS 5000 Series | Only the external SMU is vulnerable, embedded SMU and nodes are not vulnerable |
| HNAS 4000 Series | Only the external SMU is vulnerable, embedded SMU and nodes are not vulnerable |
| HNAS 30x0 Series | Only the external SMU is vulnerable, embedded SMU and nodes are not vulnerable |
Virtual Storage Platform Gx00/Fx00 NAS Modules |
Only the external SMU is vulnerable, embedded SMU and nodes are not vulnerable |
| Virtual Storage Platform Nx00 NAS Modules | Only the external SMU is vulnerable, embedded SMU and nodes are not vulnerable |
| Content Products |
| Content Platform | Hitachi Content Platform does not contain the pkexec SUID binary. |
| Content Platform S Series (2.2 & 3.x releases) | HCPS 2.2 and 3.x releases do not have any polkit related packages. |
| Content Intelligence | HCI does not contain the pkexec SUID library |
| Software Products |
| Hitachi Remote Ops (HRO) |
Not affected (NOTE: Customers have the option of installing the HRO Monitor Agent on a Linux OS.) |
| Hitachi Remote Access Control Center (RACC) | Not affected |
| Hitachi Automation Director (HAD) | Not affected |
| Hitachi Business Continuity Manager (HBSM) | Not affected |
| Hitachi Compute Systems Manager (HCSM) | Not affected |
| Hitachi Data Instance Director (HDID) | Not affected |
| Hitachi Device Manager (HDvM) | Not affected |
| Hitachi Tiered Storage Manager (HTSM) | Not affected |
| Hitachi Tuning Manager (HTnM) | Not affected |
| Hitachi Replication Manager (HRpM) | Not affected |
| Hitachi Global Link Manager (HGLM) | Not affected |
| Hitachi Dynamic Link Manager (HDLM) | Not affected |
| Hitachi Infrastructure Analytics Advisor (HIAA) | Not affected |
| Hitachi Storage Advisor (HSA) | Not affected |
| Hitachi Ops Center Administrator |
Not affected |
| Hitachi Ops Center Analyzer |
Not affected |
| Hitachi Ops Center Analyzer Detail View |
Not affected |
| Hitachi Ops Center Analyzer Probe |
Not affected |
| Hitachi Ops Center Automator |
Not affected |
| Hitachi Ops Center Common Services |
Not affected |
| Hitachi Ops Center API Configuration Manager |
Not affected |
| Hitachi Ops Center Protector |
Not affected |
Recommended Actions
Please continue to check this Security Advisory, as new information will be added to it as it becomes available.
If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.
The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.