Vulnerability Description
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rpm | Rpm | < 4.18.0 |
| Redhat | Enterprise Linux | 6.0 |
| Fedoraproject | Fedora | 34 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2021-35937Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1964125Issue TrackingPatchVendor Advisory
- https://rpm.org/wiki/Releases/4.18.0Release Notes
- https://security.gentoo.org/glsa/202210-22Third Party Advisory
- https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdfExploitTechnical DescriptionThird Party Advisory
- https://access.redhat.com/security/cve/CVE-2021-35937Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1964125Issue TrackingPatchVendor Advisory
- https://rpm.org/wiki/Releases/4.18.0Release Notes
- https://security.gentoo.org/glsa/202210-22Third Party Advisory
- https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdfExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2021-35937?
CVE-2021-35937 is a vulnerability with a CVSS score of 6.4 (MEDIUM). A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gai...
How severe is CVE-2021-35937?
CVE-2021-35937 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35937?
Check the references section above for vendor advisories and patch information. Affected products include: Rpm Rpm, Redhat Enterprise Linux, Fedoraproject Fedora.