Indeni became aware of the vulnerability in PolKit’s kexec component, tracked as CVE-2021-4034 on January 25, 2022. The PolKit vulnerability has come to be known as PwnKit. We immediately investigated the vulnerability and potential exploits. 

On January 26, 2022, patches for Ubuntu were released to fix the vulnerability. Please refer to this security notice for more information. Indeni is actively working on a hotfix and it will be available in mid February. 

This is also a good time to remind our customers that your best protection is to secure your server at all times. Please refer to the “Your Responsibility In Securing Your Data” section for steps to secure your server. 

If you have additional questions related to the PolKit vulnerability, please do not hesitate to contact us.