Home > Vulnerability Database > CVE-2021-35938

Mend.io Vulnerability Database

CVE-2021-35938

Date: August 25, 2022

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity Score

6.7

Related Resources (11)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-35938

Url: https://access.redhat.com/security/cve/CVE-2021-35938

Url: https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033

Url: https://rpm.org/wiki/Releases/4.18.0

Url: https://security.gentoo.org/glsa/202210-22

Url: https://github.com/rpm-software-management/rpm/pull/1919

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-35938

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1964114

Url: https://bugzilla.suse.com/show_bug.cgi?id=1157880

Url: https://security-tracker.debian.org/tracker/CVE-2021-35938

Url: https://www.mend.io/vulnerability-database/CVE-2021-35938

Severity Score

6.7

Weakness Type (CWE)

Link Following

CWE-59

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2021-35938

Date: August 25, 2022

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?