Lucene search
HistoryAug 25, 2022 - 8:15 p.m.
CVE-2021-35937
rpm
vulnerability
race condition
root privileges
security checks
data confidentiality
integrity
system availability
CVSS3
6.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
36.7%
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Affected configurations
Node
rpmrpmRange<4.18.0
Node
redhatenterprise_linuxMatch6.0
ORredhatenterprise_linuxMatch7.0
ORredhatenterprise_linuxMatch8.0
ORredhatenterprise_linuxMatch9.0
Node
fedoraprojectfedoraMatch34
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rpm | rpm | * | cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 6.0 | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 7.0 | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
| fedoraproject | fedora | 34 | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
Related
osv
osv
nessus
nessus
CBL Mariner 2.0 Security Update: rpm (CVE-2021-35937)
2023-03-28 00:00:00
Fedora 26 : rpm (2017-9232eac8e8)
2017-11-08 00:00:00
SUSE SLED12 / SLES12 Security Update : rpm (SUSE-SU-2018:3884-1)
2018-11-26 00:00:00
alpinelinux
alpinelinux
CVE-2021-35937
2022-08-25 20:15:09
CVE-2021-35939
2022-08-26 16:15:08
ibm
ibm
Security Bulletin: App Connect Enterprise Certified Container UBI updates
2024-03-07 14:53:54
debiancve
debiancve
prion
prion
Race condition
2022-08-25 20:15:00
Design/Logic Flaw
2022-08-26 16:15:00
Privilege escalation
2017-11-22 22:29:00
cvelist
cvelist
veracode
veracode
Denial Of Service (DoS)
2022-10-01 00:52:29
Privilege Escalation
2022-08-29 04:37:38
ubuntucve
ubuntucve
cve
cve
redhatcve
redhatcve
fedora
fedora
[SECURITY] Fedora 26 Update: rpm-4.13.0.2-1.fc26
2017-11-07 22:21:47
[SECURITY] Fedora 25 Update: rpm-4.13.0.2-1.fc25
2017-11-28 17:35:50
mageia
mageia
Updated rpm package fixes security vulnerabilities
2017-10-30 22:23:17
suse
suse
Security update for rpm (moderate)
2018-10-24 15:11:26
Security update for rpm (moderate)
2018-08-06 15:17:09
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:3884-1)
2021-04-19 00:00:00
Mageia: Security Advisory (MGASA-2017-0394)
2022-01-28 00:00:00
Fedora Update for rpm FEDORA-2017-9232eac8e8
2017-11-08 00:00:00
nvd
nvd
f5
f5
K03710547 : Linux RPM vulnerability CVE-2017-7501
2018-01-26 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-35937 affecting package rpm 4.14.2-15
2024-09-30 09:32:20
CVE-2021-35937 affecting package rpm for versions less than 4.18.0-1
2022-10-05 23:33:44
rosalinux
rosalinux
Advisory ROSA-SA-2021-1963
2021-07-02 18:04:36
gentoo
gentoo
RPM: Multiple vulnerabilities
2018-11-28 00:00:00
RPM: Multiple Vulnerabilities
2022-10-31 00:00:00
almalinux
almalinux
Moderate: rpm security update
2024-01-25 00:00:00
Moderate: rpm security update
2024-02-01 00:00:00
redhat
redhat
(RHSA-2024:0582) Moderate: rpm security update
2024-01-30 12:53:23
(RHSA-2024:0424) Moderate: rpm security update
2024-01-24 14:40:29
(RHSA-2024:0463) Moderate: rpm security update
2024-01-24 14:41:02
rocky
rocky
rpm security update
2024-02-12 20:17:16
oraclelinux
oraclelinux
rpm security update
2024-01-25 00:00:00
rpm security update
2024-02-02 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-1.0-0194
2018-11-07 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-2.0-0108
2018-11-08 00:00:00
Critical Photon OS Security Update - PHSA-2018-0194
2018-11-07 00:00:00
redos
redos
ROS-20240410-21
2024-04-10 00:00:00
CVSS3
6.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
36.7%
Related for NVD:CVE-2021-35937