PolicyKit Privilege Escalation Vulnerability in Multiple Distributions
CVE-2015-3255

Currently unrated

Key Information:

CVE Published: 26 October 2015

What is CVE-2015-3255?

The polkit_backend_action_pool_init function in PolicyKit versions before 0.113 can be exploited by local users through the use of duplicate action IDs in action descriptions. This vulnerability may allow unauthorized users to gain elevated privileges on affected systems, leading to potential misuse of system commands and configurations. Various distributions, including Gentoo, Ubuntu, and openSUSE, have published advisories regarding the necessary updates and mitigations for this issue.
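As a defensive audit for the condition described above, the following added example (not code from the advisory or from the polkit project) lists action IDs that are declared more than once across a directory of `.policy` files. It assumes the action descriptions are the XML `.policy` files polkit reads, commonly installed under `/usr/share/polkit-1/actions`; the sample files and their `com.example.*` IDs are constructed for illustration.

```python
import sys
import tempfile
import xml.etree.ElementTree as ET
from collections import defaultdict
from pathlib import Path

# Constructed sample policy files (hypothetical vendors and action ids).
SAMPLE = {
    "com.example.backup.policy":
        '<policyconfig><action id="com.example.backup.run">'
        '<description>Run backup</description></action></policyconfig>',
    "com.example.other.policy":
        '<policyconfig><action id="com.example.backup.run">'
        '<description>Run backup</description></action>'
        '<action id="com.example.other.view"/></policyconfig>',
    "broken.policy": "<policyconfig><action id=",
}

def find_duplicates(policy_dir):
    """Return ({action_id: [files declaring it]}, [unparsable file names])."""
    seen, unparsable = defaultdict(list), []
    for path in sorted(Path(policy_dir).glob("*.policy")):
        try:
            root = ET.parse(path).getroot()
        except ET.ParseError:
            unparsable.append(path.name)  # review by hand, do not skip silently
            continue
        for action in root.iter("action"):
            if action.get("id"):
                seen[action.get("id")].append(path.name)
    # An id listed twice may come from two files or from one file repeating it.
    return {a: f for a, f in seen.items() if len(f) > 1}, unparsable

def demo():
    """Run the check over the constructed SAMPLE files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE.items():
            Path(tmp, name).write_text(body)
        return find_duplicates(tmp)

if __name__ == "__main__":
    # Pass the actions directory as the first argument, or run the demo.
    dups, bad = find_duplicates(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for action_id, files in sorted(dups.items()):
        print(f"DUPLICATE {action_id}: {', '.join(files)}")
    for name in bad:
        print(f"UNPARSABLE {name}")
    sys.exit(1 if dups or bad else 0)
```

A clean result does not show that the installed PolicyKit is fixed; the remedy the page gives is updating to version 0.113 or later through the distribution's advisory.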
