CVE-2015-3255

Description

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

How to fix CVE-2015-3255

To remediate CVE-2015-3255, upgrade the affected package to a fixed version below.

• Debian/policykit-1—upgrade to 0.105-12 or later

Is CVE-2015-3255 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.105-12

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-3255