{"id":"CVE-2021-35938","details":"A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","modified":"2026-04-11T16:25:57.136991Z","published":"2022-08-25T20:15:09.307Z","related":["ALSA-2024:0463","ALSA-2024:0647","openSUSE-SU-2024:12562-1"],"references":[{"type":"ADVISORY","url":"https://rpm.org/wiki/Releases/4.18.0"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-22"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2021-35938"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1964114"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1157880"},{"type":"FIX","url":"https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033"},{"type":"FIX","url":"https://github.com/rpm-software-management/rpm/pull/1919"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rpm-software-management/rpm","events":[{"introduced":"0"},{"fixed":"ea0d77c52e176e2876fdb1d07ad41e9e2635a93e"},{"fixed":"25a435e90844ea98fe5eb7bef22c1aecf3a9c033"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.18.0"}]}}],"versions":["rpm-4.11.0-alpha","rpm-4.12.0-alpha","rpm-4.13.0-alpha","rpm-4.15.0-alpha","rpm-4.16.0-alpha","rpm-4.17.0-alpha","rpm-4.18.0-alpha1","rpm-4.18.0-alpha2","rpm-4.18.0-beta1","rpm-4.18.0-rc1","rpm-4.4-release","rpm-4.4.1-release","rpm-4.4.2-release","rpm-4.4.2.1-rc1","rpm-4.4.2.1-rc2","rpm-4.8.0-beta1"],"database_specific":{"vanir_signatures":[{"digest":{"line_hashes":["280623155716057075973965713759273863140","67026450021903754845164842287235129457","158411457487267255824690252833708700168"],"threshold":0.9},"deprecated":false,"signature_type":"Line","target":{"file":"lib/fsm.c"},"source":"https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033","id":"CVE-2021-35938-6ff8734b","signature_version":"v1"},{"digest":{"function_hash":"106619841970814527190268285391749306210","length":5307},"deprecated":false,"signature_type":"Function","target":{"file":"lib/fsm.c","function":"rpmPackageFilesInstall"},"source":"https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033","id":"CVE-2021-35938-c3afe85b","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T16:25:57Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-35938.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}