Tech Solvency - The Story So Far

PwnKit / polkit / pkexec vulnerability (CVE-2021-4034) - cheat-sheet reference guide

Last updated: 2022/02/01 01:03:31 UTC - best effort, validate all for your environment/model before use, unofficial sources may be wrong

by @TychoTithonus (Royce Williams), standing on the shoulders of many giants
Send updates or suggestions (please include category / context / public (or support-walled) links if you can)


Contents


Key updates


Context - who (and what) is affected

Scope / seriousness

Summaries

Technical analysis

Background


Remediation

Direct remediation:

Mitigations - official

Mitigations - easy but may have tradeoffs

Mitigations - harder

Mitigations - ecosystem


Affected (and unaffected) products

(See other product and tool lists if your product is not listed here.)

Note: this list focuses primarily on customer-controlled components.

Disclaimer: caching and summaries are best effort and may be out of date or incorrect - always validate for yourself

Claimed patched (previously vulnerable, now remediated/mitigated or updates available)

Confirmed affected - version differences, workarounds suggested, status pending, or not yet analyzed

Claimed unaffected / not vulnerable (no action taken or required)

Claimed unaffected by default (but configurable to be affected)

Multi-product - vulnerable, mixed, or not yet fully determined

Potentially affected (circumstantially affected, or behind support wall)

Not yet determined, non-committal, or mixed/controversial

Indirect / integration known

Other rollup lists


Detection

Finding potentially vulnerable software

Detecting exploitation attempts / threat hunting

Vulnerability scanning and testing

Other defense stacks and guides

Exploitation

Trivial - so expect many, this list will not be exhaustive


News and posts
