Unrated severity · NVD Advisory · Published Aug 25, 2022 · Updated Aug 4, 2024
CVE-2021-35938
Description
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Affected products
20
- osv-coords, 18 versions: < 4.16.1.3-27.el9_3 (+ 17 more)
  - pkg:rpm/almalinux/python3-rpm
  - pkg:rpm/almalinux/rpm
  - pkg:rpm/almalinux/rpm-apidocs
  - pkg:rpm/almalinux/rpm-build
  - pkg:rpm/almalinux/rpm-build-libs
  - pkg:rpm/almalinux/rpm-cron
  - pkg:rpm/almalinux/rpm-devel
  - pkg:rpm/almalinux/rpm-libs
  - pkg:rpm/almalinux/rpm-plugin-audit
  - pkg:rpm/almalinux/rpm-plugin-fapolicyd
  - pkg:rpm/almalinux/rpm-plugin-ima
  - pkg:rpm/almalinux/rpm-plugin-prioreset
  - pkg:rpm/almalinux/rpm-plugin-selinux
  - pkg:rpm/almalinux/rpm-plugin-syslog
  - pkg:rpm/almalinux/rpm-plugin-systemd-inhibit
  - pkg:rpm/almalinux/rpm-sign
  - pkg:rpm/almalinux/rpm-sign-libs
  - pkg:rpm/opensuse/rpm&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.14.3-28.el8_9
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.16.1.3-27.el9_3
- (no CPE) range: < 4.18.0-1.1
References
7
- security.gentoo.org/glsa/202210-22 (mitre, vendor-advisory)
- access.redhat.com/security/cve/CVE-2021-35938 (mitre)
- bugzilla.redhat.com/show_bug.cgi (mitre)
- bugzilla.suse.com/show_bug.cgi (mitre)
- github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033 (mitre)
- github.com/rpm-software-management/rpm/pull/1919 (mitre)
- rpm.org/wiki/Releases/4.18.0 (mitre)