The information has been provided by Vasyl Kaigorodov.
* PolicyKit (aka polkit) before 0.113
* PolicyKit (aka polkit) after 0.113
This bug allows a local user (a person on a multi-user system, or a daemon account after successfully attacking a daemon over the network) to corrupt memory of polkitd. Corrupting polkitd memory can lead to a crash (known to happen), which is a minor DoS: a specific request being handled during the crash will not get a reply, but polkitd will then be automatically started when next polkit request arrives. In general corrupting memory can lead to arbitrary code execution as polkitd (no proof of concept exists but I can see no reason for this to be impossible), controlling polkitd allows the attacker to grant to anyone access to any polkit-controlled service, including the ability to run any command as root via pkexec.