CVE-2021-35937 : A race condition vulnerability was found in rpm. A local unprivileged user could

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published 2022-08-25 20:15:09

Updated 2023-06-26 17:48:37

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2021-35937

Redhat » Enterprise Linux » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Matching versions
RPM » RPM
Versions before (<) 4.18.0
cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-35937

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-35937

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.4	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	0.5	5.9	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-35937

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Secondary)
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2021-35937

https://access.redhat.com/security/cve/CVE-2021-35937

CVE-2021-35937- Red Hat Customer Portal
Vendor Advisory
https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf

Exploit;Technical Description;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1964125

1964125 – (CVE-2021-35937) CVE-2021-35937 rpm: TOCTOU race in checks for unsafe symlinks
Issue Tracking;Patch;Vendor Advisory
https://rpm.org/wiki/Releases/4.18.0

rpm.org - Releases
Release Notes

CVEs referencing this url
https://security.gentoo.org/glsa/202210-22

RPM: Multiple Vulnerabilities (GLSA 202210-22) — Gentoo security
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-35937

Products affected by CVE-2021-35937

Exploit prediction scoring system (EPSS) score for CVE-2021-35937

CVSS scores for CVE-2021-35937

CWE ids for CVE-2021-35937

References for CVE-2021-35937