UBUNTU-CVE-2021-35937

Source
https://ubuntu.com/security/CVE-2021-35937
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-35937.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-35937
Upstream
Published
2022-08-25T20:15:00Z
Modified
2025-09-08T16:47:15Z
Severity
  • 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Ubuntu - medium
Summary
[none]
Details

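A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Note that the CVSS vector listed under Severity scores the attack as high complexity with high privileges required (AC:H/PR:H), which does not match the "unprivileged user" wording of this description; treat the two as separate assessments when prioritising.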

References

Affected packages

Ubuntu:Pro:14.04:LTS / rpm

Package

Name
rpm
Purl
pkg:deb/ubuntu/rpm@4.11.1-3ubuntu0.1+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

4.*

4.11.1-2
4.11.1-3
4.11.1-3ubuntu0.1
4.11.1-3ubuntu0.1+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "debugedit",
            "binary_version": "4.11.1-3ubuntu0.1+esm1"
        },
        {
            "binary_name": "librpm-dev",
            "binary_version": "4.11.1-3ubuntu0.1+esm1"
        },
        {
            "binary_name": "librpm3",
            "binary_version": "4.11.1-3ubuntu0.1+esm1"
        },
        {
            "binary_name": "librpmbuild3",
            "binary_version": "4.11.1-3ubuntu0.1+esm1"
        },
        {
            "binary_name": "librpmio3",
            "binary_version": "4.11.1-3ubuntu0.1+esm1"
        },
        {
            "binary_name": "librpmsign1",
            "binary_version": "4.11.1-3ubuntu0.1+esm1"
        },
        {
            "binary_name": "python-rpm",
            "binary_version": "4.11.1-3ubuntu0.1+esm1"
        },
        {
            "binary_name": "rpm",
            "binary_version": "4.11.1-3ubuntu0.1+esm1"
        },
        {
            "binary_name": "rpm-common",
            "binary_version": "4.11.1-3ubuntu0.1+esm1"
        },
        {
            "binary_name": "rpm-i18n",
            "binary_version": "4.11.1-3ubuntu0.1+esm1"
        },
        {
            "binary_name": "rpm2cpio",
            "binary_version": "4.11.1-3ubuntu0.1+esm1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / rpm

Package

Name
rpm
Purl
pkg:deb/ubuntu/rpm@4.12.0.1+dfsg1-3ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

4.*

4.12.0.1+dfsg1-3build2
4.12.0.1+dfsg1-3build3
4.12.0.1+dfsg1-3ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "debugedit",
            "binary_version": "4.12.0.1+dfsg1-3ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpm-dev",
            "binary_version": "4.12.0.1+dfsg1-3ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpm3",
            "binary_version": "4.12.0.1+dfsg1-3ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpmbuild3",
            "binary_version": "4.12.0.1+dfsg1-3ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpmio3",
            "binary_version": "4.12.0.1+dfsg1-3ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpmsign3",
            "binary_version": "4.12.0.1+dfsg1-3ubuntu0.1~esm1"
        },
        {
            "binary_name": "python-rpm",
            "binary_version": "4.12.0.1+dfsg1-3ubuntu0.1~esm1"
        },
        {
            "binary_name": "python3-rpm",
            "binary_version": "4.12.0.1+dfsg1-3ubuntu0.1~esm1"
        },
        {
            "binary_name": "rpm",
            "binary_version": "4.12.0.1+dfsg1-3ubuntu0.1~esm1"
        },
        {
            "binary_name": "rpm-common",
            "binary_version": "4.12.0.1+dfsg1-3ubuntu0.1~esm1"
        },
        {
            "binary_name": "rpm-i18n",
            "binary_version": "4.12.0.1+dfsg1-3ubuntu0.1~esm1"
        },
        {
            "binary_name": "rpm2cpio",
            "binary_version": "4.12.0.1+dfsg1-3ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / rpm

Package

Name
rpm
Purl
pkg:deb/ubuntu/rpm@4.14.1+dfsg1-2ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

4.*

4.12.0.2+dfsg1-2build2
4.14.0+dfsg1-2
4.14.1+dfsg1-2
4.14.1+dfsg1-2ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "debugedit",
            "binary_version": "4.14.1+dfsg1-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpm-dev",
            "binary_version": "4.14.1+dfsg1-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpm8",
            "binary_version": "4.14.1+dfsg1-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpmbuild8",
            "binary_version": "4.14.1+dfsg1-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpmio8",
            "binary_version": "4.14.1+dfsg1-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpmsign8",
            "binary_version": "4.14.1+dfsg1-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "python-rpm",
            "binary_version": "4.14.1+dfsg1-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "python3-rpm",
            "binary_version": "4.14.1+dfsg1-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "rpm",
            "binary_version": "4.14.1+dfsg1-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "rpm-common",
            "binary_version": "4.14.1+dfsg1-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "rpm-i18n",
            "binary_version": "4.14.1+dfsg1-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "rpm2cpio",
            "binary_version": "4.14.1+dfsg1-2ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / rpm

Package

Name
rpm
Purl
pkg:deb/ubuntu/rpm@4.14.2.1+dfsg1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

4.*

4.14.2.1+dfsg1-1
4.14.2.1+dfsg1-1build1
4.14.2.1+dfsg1-1build2
4.14.2.1+dfsg1-1ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "debugedit",
            "binary_version": "4.14.2.1+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpm-dev",
            "binary_version": "4.14.2.1+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpm8",
            "binary_version": "4.14.2.1+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpmbuild8",
            "binary_version": "4.14.2.1+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpmio8",
            "binary_version": "4.14.2.1+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "librpmsign8",
            "binary_version": "4.14.2.1+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "python-rpm",
            "binary_version": "4.14.2.1+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "python3-rpm",
            "binary_version": "4.14.2.1+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "rpm",
            "binary_version": "4.14.2.1+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "rpm-common",
            "binary_version": "4.14.2.1+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "rpm-i18n",
            "binary_version": "4.14.2.1+dfsg1-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "rpm2cpio",
            "binary_version": "4.14.2.1+dfsg1-1ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:22.04:LTS / rpm

Package

Name
rpm
Purl
pkg:deb/ubuntu/rpm@4.17.0+dfsg1-4build1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)

Affected versions

4.*

4.16.1.2+dfsg1-3ubuntu1
4.16.1.2+dfsg1-3ubuntu3
4.17.0+dfsg1-1
4.17.0+dfsg1-3
4.17.0+dfsg1-4
4.17.0+dfsg1-4build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "librpm-dev",
            "binary_version": "4.17.0+dfsg1-4build1"
        },
        {
            "binary_name": "librpm9",
            "binary_version": "4.17.0+dfsg1-4build1"
        },
        {
            "binary_name": "librpmbuild9",
            "binary_version": "4.17.0+dfsg1-4build1"
        },
        {
            "binary_name": "librpmio9",
            "binary_version": "4.17.0+dfsg1-4build1"
        },
        {
            "binary_name": "librpmsign9",
            "binary_version": "4.17.0+dfsg1-4build1"
        },
        {
            "binary_name": "python3-rpm",
            "binary_version": "4.17.0+dfsg1-4build1"
        },
        {
            "binary_name": "rpm",
            "binary_version": "4.17.0+dfsg1-4build1"
        },
        {
            "binary_name": "rpm-common",
            "binary_version": "4.17.0+dfsg1-4build1"
        },
        {
            "binary_name": "rpm-i18n",
            "binary_version": "4.17.0+dfsg1-4build1"
        },
        {
            "binary_name": "rpm2cpio",
            "binary_version": "4.17.0+dfsg1-4build1"
        }
    ]
}