diff --git a/SOURCES/polkit-0.112-cve-2021-4034.patch b/SOURCES/polkit-0.112-cve-2021-4034.patch
new file mode 100644
index 0000000..68f687b
--- /dev/null
+++ b/SOURCES/polkit-0.112-cve-2021-4034.patch
@@ -0,0 +1,54 @@
+diff -up ./src/programs/pkcheck.c.ori ./src/programs/pkcheck.c
+--- ./src/programs/pkcheck.c.ori	2021-12-17 11:56:55.336675787 +0100
++++ ./src/programs/pkcheck.c	2021-12-17 12:08:19.736029380 +0100
+@@ -362,6 +362,12 @@ main (int argc, char *argv[])
+   local_agent_handle = NULL;
+   ret = 126;
+ 
++  if (argc < 1)
++    {
++      help();
++      exit(1);
++    }
++
+   g_type_init ();
+ 
+   details = polkit_details_new ();
+diff -up ./src/programs/pkexec.c.ori ./src/programs/pkexec.c
+--- ./src/programs/pkexec.c.ori	2021-12-17 11:55:12.686171757 +0100
++++ ./src/programs/pkexec.c	2021-12-17 11:56:55.336675787 +0100
+@@ -490,6 +490,17 @@ main (int argc, char *argv[])
+   pid_t pid_of_caller;
+   gpointer local_agent_handle;
+ 
++
++  /*
++   * If 'pkexec' is called wrong, just show help and bail out.
++   */
++  if (argc<1)
++    {
++      clearenv();
++      usage(argc, argv);
++      exit(1);
++    }
++
+   ret = 127;
+   authority = NULL;
+   subject = NULL;
+@@ -601,7 +612,15 @@ main (int argc, char *argv[])
+           goto out;
+         }
+       g_free (path);
+-      argv[n] = path = s;
++      path = s;
++
++      /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated.
++       * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination
++       */
++      if (argv[n] != NULL)
++      {
++        argv[n] = path;
++      }
+     }
+   if (access (path, F_OK) != 0)
+     {
diff --git a/SPECS/polkit.spec b/SPECS/polkit.spec
index cfdd3c5..4bd1427 100644
--- a/SPECS/polkit.spec
+++ b/SPECS/polkit.spec
@@ -6,7 +6,7 @@
 Summary: An authorization framework
 Name: polkit
 Version: 0.112
-Release: 26%{?dist}
+Release: 26%{?dist}.1
 License: LGPLv2+
 URL: http://www.freedesktop.org/wiki/Software/polkit
 Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
@@ -36,6 +36,7 @@ Patch14: polkit-0.112-pkttyagent-tty-echo-off-on-fail.patch
 Patch15: polkit-0.112-sigttou-if-bg-job.patch
 Patch16: polkit-0.112-pkttyagent-tcsaflush-batch-erase.patch
 Patch17: polkit-0.112-CVE-2018-1116.patch
+Patch18: polkit-0.112-cve-2021-4034.patch
 
 Group: System Environment/Libraries
 BuildRequires: glib2-devel >= 2.30.0
@@ -121,6 +122,7 @@ Development documentation for polkit.
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
+%patch18 -p1
 
 %build
 %if 0%{?enable_autoreconf}
@@ -211,6 +213,10 @@ fi
 %{_datadir}/gtk-doc
 
 %changelog
+* Fri Dec 17 2021 Jan Rybar <jrybar@redhat.com> - 0.112-26.1
+- pkexec: argv overflow results in local privilege esc.
+- Resolves: CVE-2021-4034
+
 * Wed Oct 23 2019 Jan Rybar <jrybar@redhat.com> - 0.112-26
 - Refined upstream fix of CVE-2018-1116 to avoid ABI changes
 - Related: rhbz#1601411