Indeni’s response to the PolKit vulnerability

Last updated: July 31, 2025

Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog

Indeni became aware of the vulnerability in PolKit’s kexec component, tracked as CVE-2021-4034 on January 25, 2022. The PolKit vulnerability has come to be known as PwnKit. We immediately investigated the vulnerability and potential exploits.

On January 26, 2022, patches for Ubuntu were released to fix the vulnerability. Please refer to this security notice for more information. Indeni is actively working on a hotfix and it will be available in mid February.

This is also a good time to remind our customers that your best protection is to secure your server at all times. Please refer to the “Your Responsibility In Securing Your Data” section for steps to secure your server.

If you have additional questions related to the PolKit vulnerability, please do not hesitate to contact us.

Key takeaways

The article reports that Indeni discovered a privilege-escalation vulnerability in PolKit’s kexec component (CVE-2021-4034), dubbed PwnKit, on January 25, 2022 and immediately investigated exploit potential. Ubuntu published patches to remediate the flaw on January 26, 2022, and Indeni announced an upcoming hotfix expected in mid-February while reminding customers to secure servers per their "Your Responsibility In Securing Your Data" guidance. The notice invites customers with additional questions about the PolKit vulnerability to contact Indeni for further assistance, emphasizing timely patching and operational hardening to reduce risk.

When did Indeni become aware of the PolKit kexec vulnerability and what designation does it have?

Indeni became aware of the PolKit kexec component vulnerability on January 25, 2022. The vulnerability is tracked as CVE-2021-4034 and has been publicly referred to as PwnKit. Indeni immediately began investigating the vulnerability and potential exploits upon discovery.

What remediation and support actions were taken following the discovery of PwnKit?

On January 26, 2022, Ubuntu released patches addressing the PolKit vulnerability. Indeni stated it is actively working on a hotfix for its own products, with availability expected in mid-February. The notice also directs customers to the vendor security notice for more information and to follow Indeni’s “Your Responsibility In Securing Your Data” guidance to secure servers.

What guidance does the article provide to customers concerned about the PolKit vulnerability?

The article reminds customers that the best protection is to keep servers secured at all times and refers them to the “Your Responsibility In Securing Your Data” section for concrete steps to harden systems. It encourages applying the Ubuntu patches released on January 26, 2022 and waiting for Indeni’s hotfix, expected mid-February, while offering direct contact with Indeni for any additional questions related to the PolKit vulnerability.

Unlock $120K+ in network ROI

Indeni’s response to the PolKit vulnerability

Related content

How to map your network with user-defined links in Integrity X

Automate your DDI modernization path by migrating with Micetro

Your journey to intelligent NetOps begins at Cisco Live

Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)