A 12-year-old Linux vulnerability has been discovered that allows a local user to gain root access. The vulnerability is not in the Linux kernel itself but in Polkit, software that is installed on almost every major distro. Any unprivileged user who exploits it gains full root privileges and can take control of the system. This is particularly dangerous because an attacker with root privileges can install or uninstall software, change settings on the system, and even delete files on the system. If you run Linux, protect your system by installing the security update from your operating system vendor.


According to researchers at Qualys, this Polkit vulnerability is in the default configuration of all major Linux distributions. It can be used to gain full root access to a system, which can open up a whole new world of problems.

“The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration,” said Bharat Jogi, Director, Vulnerability and Threat Research, Qualys.

The bug is called CVE-2021-4034 or PwnKit, and it’s definitely something you want to watch out for if you’re a Linux user. The issue isn’t part of the Linux kernel itself, but part of the Polkit software that’s installed on almost every major distro.

You can read all of the technical details about the exploit on the Qualys website if you want to know more about how it works.

Thankfully, several of the major Linux distros have already started rolling out updates to fix the exploit. Both Ubuntu and Debian 11 have received patches, and we expect others to follow in short order. Regardless of which Linux distro you use, run its update tool as soon as you can so that you have the latest version with the fix for this exploit.
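
To see where a given machine stands before and after updating, the following script (an added example, not code from Qualys or the Polkit project) reports whether `pkexec` is present as a SUID-root binary and which Polkit package version is installed. It assumes the package is named `policykit-1` on dpkg-based systems and `polkit` on rpm-based systems; the function names and verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example: local audit for exposure to CVE-2021-4034 (PwnKit).

# Classify a pkexec binary: absent | no-suid | suid | suid-root.
pkexec_state() {
    f=$1
    [ -e "$f" ] || { echo absent; return 0; }
    [ -u "$f" ] || { echo no-suid; return 0; }
    # Numeric owner of the file itself (-L follows a symlinked path).
    owner=$(ls -ldnL "$f" | awk '{print $3}')
    if [ "$owner" = 0 ]; then echo suid-root; else echo suid; fi
}

# Installed Polkit package version, or "unknown".
# Assumed package names: policykit-1 (dpkg), polkit (rpm).
polkit_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}' policykit-1 2>/dev/null) &&
            [ -n "$v" ] && { echo "$v"; return 0; }
    fi
    if command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' polkit 2>/dev/null) &&
            { echo "$v"; return 0; }
    fi
    echo unknown
}

# One-line verdict for a pkexec path (default: the one on PATH).
audit_pkexec() {
    bin=${1:-$(command -v pkexec 2>/dev/null || echo /usr/bin/pkexec)}
    case $(pkexec_state "$bin") in
        suid-root)
            # Reachable by every local user; only the vendor fix closes it.
            echo "CHECK-PATCH-LEVEL $bin polkit=$(polkit_version)" ;;
        absent)
            echo "NOT-INSTALLED $bin" ;;
        *)
            echo "NOT-SUID-ROOT $bin" ;;
    esac
}

audit_pkexec
```

A `CHECK-PATCH-LEVEL` result means the reported version still has to be compared against your distribution's advisory for CVE-2021-4034. `NOT-SUID-ROOT` is the state left by the temporary mitigation Qualys described for systems without a patch, removing the SUID bit from `pkexec`.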