CVE-2021-35937

Updated: 2023-11-07 19:39:25.03391

Description:

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 6.4 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | rpm | 4.16.1.3 | 6.4 | MEDIUM | Released | CLSA-2024:1708417063 | 2024-02-20 03:57:04 |
| CentOS 6 ELS | rpm | 4.8.0 | 6.4 | MEDIUM | Ignored | | 2022-09-02 05:02:09 |
| CentOS 7 ELS | rpm | 4.11.3 | 6.4 | MEDIUM | Ignored | | 2023-09-19 09:30:15 |
| CentOS 8.4 ELS | rpm | 4.14.3-14 | 6.4 | MEDIUM | Ignored | | 2022-09-02 05:02:09 |
| CentOS 8.5 ELS | rpm | 4.14.3-19 | 6.4 | MEDIUM | Ignored | | 2022-09-02 05:02:09 |
| CloudLinux 6 ELS | rpm | 4.8.0 | 6.4 | MEDIUM | Ignored | | 2022-09-02 05:02:09 |
| Oracle Linux 6 ELS | rpm | 4.8.0 | 6.4 | MEDIUM | Ignored | | 2022-09-02 05:02:09 |