A flaw was found in RPM\'s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
Find out more about CVE-2021-20271 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Linux | ||||
| Wind River Linux LTS 17 | Won't Fix | -- | -- | -- |
| Wind River Linux 8 | Requires LTSS | -- | -- | -- |
| Wind River Linux 9 | Requires LTSS | -- | -- | -- |
| Wind River Linux 7 | Requires LTSS | -- | -- | -- |
| Wind River Linux LTS 21 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 22 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 18 | Fixed |
LIN1018-7458 |
10.18.44.23 | -- |
| Wind River Linux LTS 19 | Fixed |
LIN1019-6290 |
10.19.45.17 | -- |
| Wind River Linux CD release | Fixed | -- | 10.21.20.0 | -- |
| Wind River Linux 6 | Requires LTSS | -- | -- | -- |
| Wind River Linux LTS 23 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 24 | Not Vulnerable | -- | -- | -- |
| VxWorks | ||||
| VxWorks 7 | Not Vulnerable | -- | -- | -- |
| VxWorks 6.9 | Not Vulnerable | -- | -- | -- |
| Helix Virtualization Platform Cert Edition | ||||
| Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
| eLxr | ||||
| eLxr 12 | Not Vulnerable | -- | -- | -- |
| Wind River Studio Cloud Platform | ||||
| Product Name | Status | Defect | Fixed | Downloads |
|---|
