Home > Vulnerability Database > CVE-2021-35937

Mend.io Vulnerability Database

CVE-2021-35937

Date: August 24, 2022

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity Score

6.4

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-35937

Url: https://access.redhat.com/security/cve/CVE-2021-35937

Url: https://rpm.org/wiki/Releases/4.18.0

Url: https://security.gentoo.org/glsa/202210-22

Url: https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1964125

Url: https://security-tracker.debian.org/tracker/CVE-2021-35937

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-35937

Url: https://www.mend.io/vulnerability-database/CVE-2021-35937

Severity Score

6.4

Weakness Type (CWE)

Link Following

CWE-59

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-367

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2021-35937

Date: August 24, 2022

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?