This patch fixes CVE-2021-3560, "local privilege escalation using polkit_system_bus_name_get_creds_sync()": https://www.openwall.com/lists/oss-security/2021/06/03/1 Patch from . diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 8daa12cb9093c1d765c7b83654a2b8d0d382378e..8ed13631508dd96624898df90ee2ece4dcf3e1e5 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) g_main_context_iteration (tmp_context, TRUE); + if (data.caught_error) + goto out; + if (out_uid) *out_uid = data.uid; if (out_pid)