Found be Qualys and the security advisory can be found here : https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
The vulnerability has existed in every version of the "Policy Toolkit" (or, Polkit) package since it was first released in 2009 and allows any unprivileged attacker to easily obtain full administrative access over any Linux machine with the Polkit package installed. It is not exploitable remotely, making Pwnkit purely a local privilege escalation (LPE) vulnerability.
Polkit is part of the Linux authorisation system. In effect, when you try to perform an action which requires a higher level of privileges, Polkit can be used to determine whether you have the requisite permissions. It is integrated with systemd and is much more configurable than the traditional sudo system. Indeed, it is sometimes referred to as the "sudo of systemd", providing a granular system with which to assign permissions to users.
Exemple of interaction :
kiosec@cyberlab:~$ pkexec useradd testuser
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
Authentication is needed to run '/usr/sbin/useradd' as the super user
Authenticating as: kiosec,,, (kiosec)
Password:
Testing vm can be found here : https://tryhackme.com/room/pwnkit
Exploit can be found here : https://github.com/arthepsy/CVE-2021-4034
This variation of the exploit makes use of the dangerous GCONV_PATH variable to include a malicious shared object file that calls the /bin/sh shell with root permissions.
gcc cve-2021-4034-poc.c -o exploit
./exploit