CVE-2021-3560: 
NixOS vulnerability analysis and mitigation

CVE-2021-3560 is a privilege escalation vulnerability in polkit, discovered and disclosed in June 2021. The vulnerability affects polkit versions from 0.113 onwards and was introduced seven years ago in commit bfa5036. The flaw allows an unprivileged local attacker to bypass credential checks for D-Bus requests, potentially elevating their privileges to root user (GitHub Blog, Ubuntu Security).

The vulnerability occurs in the polkitsystembusnamegetcredssync function when the requesting process disconnects from dbus-daemon just before the credential check starts. In this scenario, when the unique bus name becomes invalid, dbus-daemon sends back an error reply. However, polkit mishandles this error by returning TRUE instead of FALSE, causing the system to treat the request as if it came from a root process with UID 0 (Red Hat Bugzilla).

The vulnerability enables an unprivileged local user to gain root privileges on the system. This could allow attackers to perform various privileged operations, including creating new administrator accounts, installing packages, and gaining complete system access (Red Hat Advisory).

The vulnerability was fixed in polkit updates released on June 3, 2021. System administrators should update their systems to the patched versions. For Red Hat Enterprise Linux 8, this was addressed in RHSA-2021:2238. For Ubuntu systems, the fix was included in version 0.105-31 and later (Red Hat Advisory, Ubuntu Security).