The PwnKit vulnerability: Overview, detection, and remediation
On January 25, 2022, Qualys discovered a local privilege escalation vulnerability called PwnKit that affects PolicyKit's pkexec program, which is installed by default on many Linux distributions such as Ubuntu, Debian, Fedora, and CentOS. A proof of concept (PoC) exploit was published the same day. Due to its low barrier to entry, widespread scope, and default installation across many Linux distributions, it is likely that attackers will use this vulnerability to gain a privileged foothold on production and cloud workload environments. Major Linux distributions have released dedicated security bulletins to help mitigate the vulnerability. Datadog Cloud Workload Security monitors file and process activity in real time at the kernel level, providing immediate defense by detecting attempts to exploit the PwnKit vulnerability.
Company
Datadog
Date published
Jan. 28, 2022
Author(s)
Zack Allen, Christophe Tafani-Dereeper, Matt Mills
Word count
996
Hacker News points
None found.
Language
English