USN-8173-1 Unknown

USN-8173-1: polkit vulnerabilities

Canonical (Ubuntu) Released: April 14, 2026 Updated: April 16, 2026 Restart Required

Description

It was discovered that polkit incorrectly handled nested elements in XML policy files. If an administrator were tricked into installing a malicious policy file, a remote attacker could possibly use this issue to cause polkit to crash, resulting in a denial of service. (CVE-2025-7519) Pavel Kohout discovered that the polkit polkit-agent-helper-1 utility incorrectly handled long input. A local attacker could possibly use this issue to cause polkit to crash, resulting in a denial of service. (CVE-2026-4897)

Fixed Vulnerabilities 1

CVE-2026-4897 N/A 0.0 ⚠️ KEV fixed

Mar 26, 2026

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary…

Quick Info

Patch ID: USN-8173-1

Vendor: Canonical (Ubuntu)

Severity: Unknown

CVEs Fixed: 1

Restart: Required

Vendor

Canonical (Ubuntu)

Additional Info

action:

usn id: USN-8173-1

summary: Several security issues were fixed in polkit.

usn number: 8173-1

instructions: In general, a standard system update will make all the necessary changes.

CVE Vulnerabilities

Posts & Pages