Skip to main content
Ex Libris Knowledge Center

Security Advisory- Polkit Privilege Escalation Vulnerability (CVE-2021-4034) - February 02, 2022


On January 25, 2022 a privilege escalation vulnerability (CVE-2021-4034) was found in Polkit's pkexec utility, part of a SUID-root program that is installed by default on all major Linux distributions, that allows unprivileged processes to communicate with privileged processes on Linux systems. The easily exploitable vulnerability allows a user with ordinary privileges to gain full root privileges on a vulnerable host in its default configuration. The vulnerability allows the user to bypass all authentication controls and policies due to incorrect handling of the process’ argument vector. 

Effective Security Severity Level 


Affected Systems

All Ex Libris systems/products running on Linux.

Tests and Certifications

Ex Libris has evaluated all Ex Libris products for potential vulnerability and performed certification testing with the available patches for all Ex Libris systems and products running on Linux. It was determined that the available patches can be safely deployed with no impact to Ex Libris systems and products.

The fix for this vulnerability has been developed, tested, installed and certified for the Ex Libris Linux servers.

Action Taken by Ex Libris for Cloud Systems

Ex Libris has deployed the fix that addresses the vulnerability described in this advisory and no action is required by our cloud customers.

Required Actions for On-Premise/Local Systems

Ex Libris strongly recommends following the vendor's instructions and installing the patch on all on-premises (local) Ex Libris products using Linux systems.


Exploitation and Public Announcements 

The Ex Libris Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.


Record of Changes

Type of information Document Data

Document Title:

Security Advisory  – Polkit Privilege Escalation Vulnerability (CVE-2021-4034) - February 02, 2022

Document Owner:

Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)

Approved by:

Barak Rozenblat – VP Cloud Services


February 02, 2022

Reviewed & Revised:

February 02, 2022


Revision Control

Version Number Nature of Change Date Approved


Initial version

February 02, 2022

Document Distribution and Review

The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.