CVE-2021-35939

Updated: 2023-11-04 20:09:39.884033

Description:

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

                    Severity    Score
CVSS Version 2.x                0
CVSS Version 3.x    MEDIUM      6.7

Status

OS name             Project name  Version    Score  Severity  Status    Errata                Last updated
AlmaLinux 9.2 ESU   rpm           4.16.1.3   6.7    MEDIUM    Released  CLSA-2024:1708417063  2024-02-20 03:57:03
CentOS 6 ELS        rpm           4.8.0      6.7    MEDIUM    Ignored                         2022-11-30 04:04:08
CentOS 7 ELS        rpm           4.11.3     6.7    MEDIUM    Ignored                         2023-09-19 09:30:15
CentOS 8.4 ELS      rpm           4.14.3-14  6.7    MEDIUM    Released  CLSA-2022:1671123868  2022-12-15 13:04:20
CentOS 8.5 ELS      rpm           4.14.3-19  6.7    MEDIUM    Released  CLSA-2022:1671124065  2022-12-15 13:04:20
CloudLinux 6 ELS    rpm           4.8.0      6.7    MEDIUM    Ignored                         2022-11-30 04:04:08
Oracle Linux 6 ELS  rpm           4.8.0      6.7    MEDIUM    Ignored                         2022-11-30 04:04:08