CVE-2021-35939 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-35939 Interim 1 25 2023-02-11T00:41:35Z current 2022-02-01T02:17:30Z 2023-02-11T00:41:35Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-35939 It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS SUSE Linux Enterprise Server 12 SP4 openSUSE Tumbleweed librpmbuild9-4.18.0-1.1 rpm rpm-32bit rpm-32bit-4.18.0-1.1 rpm-4.18.0-1.1 rpm-build rpm-build-4.18.0-1.1 rpm-build-perl-4.18.0-1.1 rpm-devel-4.18.0-1.1 librpmbuild9-4.18.0-1.1 as a component of openSUSE Tumbleweed rpm-4.18.0-1.1 as a component of openSUSE Tumbleweed rpm-32bit-4.18.0-1.1 as a component of openSUSE Tumbleweed rpm-build-4.18.0-1.1 as a component of openSUSE Tumbleweed rpm-build-perl-4.18.0-1.1 as a component of openSUSE Tumbleweed rpm-devel-4.18.0-1.1 as a component of openSUSE Tumbleweed rpm as a component of SUSE Linux Enterprise High Performance Computing 12 SP4 rpm as a component of SUSE Linux Enterprise Server 11 SP4 LTSS rpm as a component of SUSE Linux Enterprise Server 12 SP4 rpm-32bit as a component of SUSE Linux Enterprise Server 12 SP4 rpm-build as a component of SUSE Linux Enterprise Server 12 SP4 It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2021-35939 openSUSE Tumbleweed:librpmbuild9-4.18.0-1.1 openSUSE Tumbleweed:rpm-4.18.0-1.1 openSUSE Tumbleweed:rpm-32bit-4.18.0-1.1 openSUSE Tumbleweed:rpm-build-4.18.0-1.1 openSUSE Tumbleweed:rpm-build-perl-4.18.0-1.1 openSUSE Tumbleweed:rpm-devel-4.18.0-1.1 SUSE Linux Enterprise High Performance Computing 12 SP4:rpm SUSE Linux Enterprise Server 11 SP4 LTSS:rpm SUSE Linux Enterprise Server 12 SP4:rpm SUSE Linux Enterprise Server 12 SP4:rpm-32bit SUSE Linux Enterprise Server 12 SP4:rpm-build moderate 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H