vulnerability
Amazon Linux 2023: CVE-2021-35938: Medium priority package update for rpm
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:M/C:C/I:C/A:C) | Jun 30, 2021 | Feb 17, 2025 | Jul 4, 2025 |
Severity
6
CVSS
(AV:L/AC:M/Au:M/C:C/I:C/A:C)
Published
Jun 30, 2021
Added
Feb 17, 2025
Modified
Jul 4, 2025
Description
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Solutions
amazon-linux-2023-upgrade-python3-rpmamazon-linux-2023-upgrade-python3-rpm-debuginfoamazon-linux-2023-upgrade-rpmamazon-linux-2023-upgrade-rpm-apidocsamazon-linux-2023-upgrade-rpm-buildamazon-linux-2023-upgrade-rpm-build-debuginfoamazon-linux-2023-upgrade-rpm-build-libsamazon-linux-2023-upgrade-rpm-build-libs-debuginfoamazon-linux-2023-upgrade-rpm-cronamazon-linux-2023-upgrade-rpm-debuginfoamazon-linux-2023-upgrade-rpm-debugsourceamazon-linux-2023-upgrade-rpm-develamazon-linux-2023-upgrade-rpm-devel-debuginfoamazon-linux-2023-upgrade-rpm-libsamazon-linux-2023-upgrade-rpm-libs-debuginfoamazon-linux-2023-upgrade-rpm-plugin-auditamazon-linux-2023-upgrade-rpm-plugin-audit-debuginfoamazon-linux-2023-upgrade-rpm-plugin-fapolicydamazon-linux-2023-upgrade-rpm-plugin-fapolicyd-debuginfoamazon-linux-2023-upgrade-rpm-plugin-imaamazon-linux-2023-upgrade-rpm-plugin-ima-debuginfoamazon-linux-2023-upgrade-rpm-plugin-prioresetamazon-linux-2023-upgrade-rpm-plugin-prioreset-debuginfoamazon-linux-2023-upgrade-rpm-plugin-selinuxamazon-linux-2023-upgrade-rpm-plugin-selinux-debuginfoamazon-linux-2023-upgrade-rpm-plugin-syslogamazon-linux-2023-upgrade-rpm-plugin-syslog-debuginfoamazon-linux-2023-upgrade-rpm-plugin-systemd-inhibitamazon-linux-2023-upgrade-rpm-plugin-systemd-inhibit-debuginfoamazon-linux-2023-upgrade-rpm-signamazon-linux-2023-upgrade-rpm-sign-debuginfoamazon-linux-2023-upgrade-rpm-sign-libsamazon-linux-2023-upgrade-rpm-sign-libs-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.