CVE-2015-3218

Description

The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.

How to fix CVE-2015-3218

To remediate CVE-2015-3218, upgrade the affected package to a fixed version below.

• Debian/policykit-1—upgrade to 0.105-11 or later

Is CVE-2015-3218 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.105-11

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-3218