PwnKit affecting SMC CVE-2021-4034
Users of the Atos Smart Management software suite should upgrade polkit component as soon as possible.
A vulnerability in Polkit’s pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system. Trivial exploits are available on the internet.
The component polkit may be used on some systems as an alternative to sudo. It is not installed by default on Atos servers.
Due to the ease of the exploitation, it is recommended to double check that the component is not installed, and to upgrade or remove it, if found.
See attached Security Bulletin for more details.