The `std::fs::remove_dir_all` standard library function is vulnerable to a race condition enabling symlink following. An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete.
Created rust tracking bugs for this issue:
Affects: epel-7 [bug 2043031]
Affects: fedora-all [bug 2043030]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:1894 https://access.redhat.com/errata/RHSA-2022:1894
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):