{"api_version":"1","generated_at":"2026-04-23T05:58:23+00:00","cve":"CVE-2021-35938","urls":{"html":"https://cve.report/CVE-2021-35938","api":"https://cve.report/api/cve/CVE-2021-35938.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-35938","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-35938"},"summary":{"title":"CVE-2021-35938","description":"A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2022-08-25 20:15:00","updated_at":"2022-11-29 18:06:00"},"problem_types":["CWE-59"],"metrics":[],"references":[{"url":"https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033","name":"https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033","refsource":"MISC","tags":[],"title":"Set file metadata via fd-based ops for everything but symlinks · rpm-software-management/rpm@25a435e · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://rpm.org/wiki/Releases/4.18.0","name":"https://rpm.org/wiki/Releases/4.18.0","refsource":"MISC","tags":[],"title":"rpm.org - Releases","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1157880","name":"https://bugzilla.suse.com/show_bug.cgi?id=1157880","refsource":"MISC","tags":[],"title":"Bug 1157880 – VUL-0: CVE-2021-35938: rpm: races with chown/chmod/capabilties calls during installation","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2021-35938","name":"https://access.redhat.com/security/cve/CVE-2021-35938","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964114","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1964114","refsource":"MISC","tags":[],"title":"1964114 – (CVE-2021-35938) CVE-2021-35938 rpm: races with chown/chmod/capabilities calls during installation","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202210-22","name":"GLSA-202210-22","refsource":"GENTOO","tags":[],"title":"RPM: Multiple Vulnerabilities (GLSA 202210-22) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/rpm-software-management/rpm/pull/1919","name":"https://github.com/rpm-software-management/rpm/pull/1919","refsource":"MISC","tags":[],"title":"First steps towards fixing the symlink CVEs by pmatilai · Pull Request #1919 · rpm-software-management/rpm · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-35938","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35938","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"35938","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"35938","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"35938","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"35938","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"35938","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rpm","cpe5":"rpm","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-35938","qid":"161314","title":"Oracle Enterprise Linux Security Update for rpm (ELSA-2024-0463)"},{"cve":"CVE-2021-35938","qid":"161331","title":"Oracle Enterprise Linux Security Update for rpm (ELSA-2024-0647)"},{"cve":"CVE-2021-35938","qid":"182103","title":"Debian Security Update for rpm (CVE-2021-35938)"},{"cve":"CVE-2021-35938","qid":"242744","title":"Red Hat Update for rpm (RHSA-2024:0424)"},{"cve":"CVE-2021-35938","qid":"242754","title":"Red Hat Update for rpm (RHSA-2024:0463)"},{"cve":"CVE-2021-35938","qid":"242757","title":"Red Hat Update for rpm (RHSA-2024:0435)"},{"cve":"CVE-2021-35938","qid":"242810","title":"Red Hat Update for rpm (RHSA-2024:0582)"},{"cve":"CVE-2021-35938","qid":"242816","title":"Red Hat Update for rpm (RHSA-2024:0647)"},{"cve":"CVE-2021-35938","qid":"242842","title":"Red Hat Update for rpm (RHSA-2024:0453)"},{"cve":"CVE-2021-35938","qid":"357349","title":"Amazon Linux Security Advisory for rpm : ALAS2023-2024-573"},{"cve":"CVE-2021-35938","qid":"379634","title":"Alibaba Cloud Linux Security Update for rpm (ALINUX3-SA-2024:0030)"},{"cve":"CVE-2021-35938","qid":"502949","title":"Alpine Linux Security Update for rpm"},{"cve":"CVE-2021-35938","qid":"505818","title":"Alpine Linux Security Update for rpm"},{"cve":"CVE-2021-35938","qid":"672363","title":"EulerOS Security Update for rpm (EulerOS-SA-2022-2741)"},{"cve":"CVE-2021-35938","qid":"672374","title":"EulerOS Security Update for rpm (EulerOS-SA-2022-2776)"},{"cve":"CVE-2021-35938","qid":"672457","title":"EulerOS Security Update for rpm (EulerOS-SA-2022-2829)"},{"cve":"CVE-2021-35938","qid":"672471","title":"EulerOS Security Update for rpm (EulerOS-SA-2022-2855)"},{"cve":"CVE-2021-35938","qid":"691000","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for rpm4 (0c52abde-717b-11ed-98ca-40b034429ecf)"},{"cve":"CVE-2021-35938","qid":"710651","title":"Gentoo Linux RPM Multiple Vulnerabilities (GLSA 202210-22)"},{"cve":"CVE-2021-35938","qid":"903712","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10726)"},{"cve":"CVE-2021-35938","qid":"903790","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10723)"},{"cve":"CVE-2021-35938","qid":"904163","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10723-1)"},{"cve":"CVE-2021-35938","qid":"941549","title":"AlmaLinux Security Update for rpm (ALSA-2024:0463)"},{"cve":"CVE-2021-35938","qid":"941568","title":"AlmaLinux Security Update for rpm (ALSA-2024:0647)"},{"cve":"CVE-2021-35938","qid":"961111","title":"Rocky Linux Security Update for rpm (RLSA-2024:0647)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-35938","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"RPM","version":{"version_data":[{"version_value":"Fixed in rpm v4.18.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-59 - Improper Link Resolution Before File Access ('Link Following')"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1964114","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964114"},{"refsource":"MISC","name":"https://bugzilla.suse.com/show_bug.cgi?id=1157880","url":"https://bugzilla.suse.com/show_bug.cgi?id=1157880"},{"refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2021-35938","url":"https://access.redhat.com/security/cve/CVE-2021-35938"},{"refsource":"MISC","name":"https://rpm.org/wiki/Releases/4.18.0","url":"https://rpm.org/wiki/Releases/4.18.0"},{"refsource":"MISC","name":"https://github.com/rpm-software-management/rpm/pull/1919","url":"https://github.com/rpm-software-management/rpm/pull/1919"},{"refsource":"MISC","name":"https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033","url":"https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033"},{"refsource":"GENTOO","name":"GLSA-202210-22","url":"https://security.gentoo.org/glsa/202210-22"}]},"description":{"description_data":[{"lang":"eng","value":"A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]}},"nvd":{"publishedDate":"2022-08-25 20:15:00","lastModifiedDate":"2022-11-29 18:06:00","problem_types":["CWE-59"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*","versionEndExcluding":"4.18.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"35938","Ordinal":"211445","Title":"CVE-2021-35938","CVE":"CVE-2021-35938","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"35938","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}