CVE-2015-3255

Published: Oct 26, 2015Modified: May 6, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

Affected (1)

Products: Polkit Project: Polkit

Polkit Project

1 product

Polkit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Polkit Project Polkit	Up to 0.112

Related CWEs

CWE-264

References (16)

http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html

Source: secalert@redhat.com

http://www.securitytracker.com/id/1035023

Source: secalert@redhat.com

https://bugs.freedesktop.org/show_bug.cgi?id=83590

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1245673

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201611-07

Source: secalert@redhat.com

https://usn.ubuntu.com/3717-2/

Source: secalert@redhat.com

http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html