HPCNow! does not usually publish security communications, but given the severity and the high risk of CVE-2021-4034 for HPC clusters, we would like to make you aware of this important vulnerability found in pkexec.

The CVE-2021-4034 vulnerability found in pkexec allows an unprivileged local attacker to escalate privileges, bypassing any authentication and policies due to incorrect handling of the process’s argument vector.

The most popular Linux distributions are affected, including Red Hat, SUSE, Debian and Ubuntu, as well as their derived distributions (e.g. CentOS, Rocky Linux).

For Ubuntu and Debian based distributions, the issue can be fixed by upgrading the package policykit-1.

sudo apt update
sudo apt --only-upgrade install policykit-1

On RHEL, CentOS, Rocky Linux and other RHEL-based systems, the process is more complex. We suggest taking advantage of the Ansible playbook developed by Red Hat to patch multiple systems at once.

wget https://access.redhat.com/sites/default/files/cve-2021-4034_stap_mitigate-2022-01-25-0936.yml
ansible-playbook -e HOSTS=login01,slurm01,master01 cve-2021-4034_stap_mitigate-2022-01-25-0936.yml

Otherwise, follow the instructions described in this article.
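Whichever route you take, you will want to confirm on every node that the fix or mitigation actually landed. The following POSIX shell script is an added example written for this advisory; it is not HPCNow!'s or Red Hat's code. It reports whether pkexec still carries the setuid bit (Red Hat's mitigation removes it, while a properly patched package keeps it) together with the installed polkit package version, so the output can be compared with your distribution's fixed version. The path /usr/bin/pkexec and the package names policykit-1 (Debian/Ubuntu) and polkit (RHEL family) are assumptions; override the path with the PKEXEC_PATH environment variable.

```shell
#!/bin/sh
# Added example (not HPCNow!'s or Red Hat's code): post-patch verification
# for CVE-2021-4034. Reading the output:
#   SETUID     + fixed package version  -> patched
#   NOT-SETUID                          -> mitigated (setuid bit removed)
#   SETUID     + old package version    -> still vulnerable
# Assumptions: pkexec lives at /usr/bin/pkexec (override with PKEXEC_PATH),
# the package is policykit-1 on Debian/Ubuntu and polkit on RHEL-family hosts.

# pkexec_setuid PATH: exit 0 when PATH is a regular file with the set-user-ID bit.
pkexec_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# polkit_version: print the installed polkit package version, or "unknown"
# when neither dpkg nor rpm knows the package.
polkit_version() {
    v=""
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}' policykit-1 2>/dev/null) && {
            printf '%s' "$v"; return 0; }
    fi
    if command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' polkit 2>/dev/null) && {
            printf '%s' "$v"; return 0; }
    fi
    printf 'unknown'
}

# pkexec_status PATH: print SETUID, NOT-SETUID or MISSING for PATH.
pkexec_status() {
    if [ ! -e "$1" ]; then
        printf 'MISSING'
    elif pkexec_setuid "$1"; then
        printf 'SETUID'
    else
        printf 'NOT-SETUID'
    fi
}

# report PATH: one line per host, easy to collect cluster-wide with
# pdsh/clush or an Ansible "script" task and grep for SETUID.
report() {
    printf '%s pkexec=%s polkit=%s\n' \
        "$(uname -n)" "$(pkexec_status "$1")" "$(polkit_version)"
}

report "${PKEXEC_PATH:-/usr/bin/pkexec}"
```

Run it on every login, compute and management node and treat any line that reports SETUID alongside a package version older than your distribution's fixed release as unfinished work.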

We recommend that you contact your security department, or an external consultant if needed.


