PatchSiren cyber security CVE debrief
CVE-2016-2568 Redhat CVE debrief
CVE-2016-2568 is a high-severity local privilege escalation issue affecting pkexec when used with --user nonpriv. A local attacker can use a crafted TIOCSTI ioctl call to push characters into the terminal input buffer and escape to the parent session on vulnerable systems.
- Vendor
- Redhat
- Product
- CVE-2016-2568
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-13
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-13
- Advisory updated
- 2026-05-13
Who should care
Linux administrators, workstation and server operators, and security teams responsible for systems that use pkexec/polkit. The NVD records vulnerable CPEs for freedesktop polkit and Red Hat Enterprise Linux 6/7, so multi-user Linux environments and systems that rely on terminal-based administrative workflows should review exposure.
Technical summary
NVD classifies the issue with CVSS v3.1 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H and CWE-116. The vulnerability is described as a terminal-input injection problem in pkexec when invoked with --user nonpriv, where a crafted TIOCSTI ioctl call can place attacker-controlled characters into the terminal input buffer and lead to session escape. The NVD record cites advisories and tracking from Openwall, Red Hat, Debian, and Ubuntu.
Defensive priority
High for any environment with interactive local users or shared administrative access, especially where pkexec/polkit is deployed. The attack requires local access, but the impact is broad because successful exploitation can cross session boundaries and affect confidentiality, integrity, and availability.
Recommended defensive actions
- Verify whether pkexec/polkit is installed and whether affected versions are present on systems in scope.
- Check vendor advisories for remediation guidance, starting with the Red Hat, Debian, and Ubuntu references listed in the NVD record.
- Prioritize patching or upgrading systems that expose local multi-user access, jump-host workflows, or shared administration terminals.
- Review whether any automation or administrative tooling invokes pkexec with --user nonpriv and reduce or remove that usage where possible.
- Limit local shell access to trusted users and monitor for unusual terminal/session behavior on affected hosts.
Evidence notes
The CVE record was published on 2017-02-13T18:59:00.393Z and later modified on 2026-05-13T00:24:29.033Z. Supplied NVD metadata marks the vulnerability as affecting freedesktop:polkit and Red Hat Enterprise Linux 6.0 and 7.0 CPEs. Reference links in the record include the Openwall oss-security thread, Red Hat advisory and Bugzilla entry, Debian bug report, and Ubuntu security page.
Official resources
-
CVE-2016-2568 CVE record
CVE.org
-
CVE-2016-2568 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Mailing List, Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Mailing List, Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
Publicly disclosed and published in the CVE record on 2017-02-13. This debrief uses the supplied CVE publication date for timing context and does not treat later modification dates as the original issue date.