Indeni’s response to the PolKit  vulnerability

Last updated: July 31, 2025

An avatar of the author
Ulrica de Fort-Menares

Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog

Indeni became aware of the vulnerability in PolKit’s kexec component, tracked as CVE-2021-4034 on January 25, 2022. The PolKit vulnerability has come to be known as PwnKit. We immediately investigated the vulnerability and potential exploits. 

On January 26, 2022, patches for Ubuntu were released to fix the vulnerability. Please refer to this security notice for more information. Indeni is actively working on a hotfix and it will be available in mid February. 

This is also a good time to remind our customers that your best protection is to secure your server at all times. Please refer to the “Your Responsibility In Securing Your Data” section for steps to secure your server. 

If you have additional questions related to the PolKit vulnerability, please do not hesitate to contact us. 

Key Takeaways
  • CVE-2021-4034, known as PwnKit, is a privilege escalation vulnerability in PolKit’s kexec component disclosed on January 25, 2022.
  • Indeni immediately initiated an investigation into the vulnerability and potential exploit paths after becoming aware of PwnKit.
  • Ubuntu released patches on January 26, 2022, to remediate the PolKit PwnKit vulnerability.
  • Indeni is developing a dedicated hotfix for this issue, with availability targeted for mid-February.
  • Ongoing server hardening and adherence to documented security responsibilities remain critical to mitigating risks from vulnerabilities such as PwnKit.
  • Customers are encouraged to review the “Your Responsibility In Securing Your Data” section and contact Indeni with any PwnKit-related questions.

Published on: February 1, 2022

An avatar of the author

Ulrica de Fort-Menares is the Vice President of Product Management for Infrastructure Assurance.

Related content

Three armored figures walking toward a futuristic Las Vegas skyline with pyramids, glowing orb, and "Welcome to Fabulous Las
Blog

Your journey to intelligent NetOps begins at Cisco Live

Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.

Read more
Stacked colorful wooden directional arrows on a post by a calm seaside with distant hills and blue sky
Blog

Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)

Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.

Read more
Row of orange industrial robotic arms positioned along an automated conveyor belt in a factory setting
Blog

Automate it all in Integrity with REST v2 API-first DDI management

Discover API-first DDI with Integrity X by using REST v2 to automate DNS, DHCP, and IPAM for scalable, secure network operations.

Read more
Three colleagues at monitors collaborating, overlaid with network, analytics, cloud, and gear icons.
Blog

Agentic AI adoption in network observability propels NetOps teams

Network observability is crucial for today’s networks and even more capable with agentic AI, according to new Omdia and BlueCat research.

Read more

⏳ Cisco Live is almost here. Put BlueCat on your agenda for smarter, more secure networks.

Get the details