There is a recent addition to CISA’s Known Exploited Vulnerabilities Catalog. It is in PwnKit, a Linux vulnerability and there was evidence recorded for active exploitation of the same.
PwnKit, tracked as CVE-2021-4034 with a CVSS score of 7.8 came to light in January 2022.
Successful exploitation of the flaw could induce pkexec to execute arbitrary code.
This code grants an unprivileged attacker the administrative rights on the target machine which in turn compromises the host.
The bigger area of concern is the escalation in polkit's pkexec utility, which allows an authorized user to execute commands as another user.
What is Polkit?
Polkit is a toolkit for controlling system-wide privileges in Unix-like operating systems.
It provides a mechanism for non-privileged processes to communicate with privileged processes.
There is not sufficient information on the threat actor that exploited the PwnKit flaw. The organizations are recommended to prioritize timely remediation of the issues in order to mitigate any potential risk of exposure to cyberattacks.