CVE-2021-35937

Summary

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected Software

VendorProductVersion RangeStatus
n/aRPMFixed in rpm v4.18.0affected

Weaknesses

  • CWE-59: CWE-59 - Improper Link Resolution Before File Access ('Link Following'), CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

ADP Enrichment

CVE Program Container

Additional References

References