{"id":"CVE-2021-35937","details":"A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","modified":"2026-04-10T04:35:16.748106Z","published":"2022-08-25T20:15:09.243Z","related":["ALSA-2024:0463","ALSA-2024:0647"],"references":[{"type":"ADVISORY","url":"https://rpm.org/wiki/Releases/4.18.0"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-22"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2021-35937"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964125"},{"type":"EVIDENCE","url":"https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rpm-software-management/rpm","events":[{"introduced":"0"},{"fixed":"ea0d77c52e176e2876fdb1d07ad41e9e2635a93e"},{"introduced":"0"},{"last_affected":"867c7cb199f94f65270afaf63f9f249c44ed7c9d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.18.0"},{"introduced":"0"},{"last_affected":"6.0"}]}}],"versions":["rpm-4.11.0-alpha","rpm-4.12.0-alpha","rpm-4.13.0-alpha","rpm-4.15.0-alpha","rpm-4.16.0-alpha","rpm-4.17.0-alpha","rpm-4.18.0-alpha1","rpm-4.18.0-alpha2","rpm-4.18.0-beta1","rpm-4.18.0-rc1","rpm-4.19.0-alpha","rpm-4.4-release","rpm-4.4.1-release","rpm-4.4.2-release","rpm-4.4.2.1-rc1","rpm-4.4.2.1-rc2","rpm-4.8.0-beta1","rpm-6.0.0-alpha","rpm-6.0.0-beta","rpm-6.0.0-beta2","rpm-6.0.0-release"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-35937.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}