CVE-2021-3631

CWE-732 — Incorrect Permission Assignment8 documents8 sources

Severity

6.3MEDIUM

EPSS

0.1%

top 79.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt Redhat Enterprise Linux Redhat Openshift Container Platform

Timeline

PublishedMar 2

Latest updateMay 2

Description

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.0 | Impact: 5.2

Affected Packages3 packages

▶NVDredhat/libvirt< 7.5.0

▶Debianlibvirt< 7.0.0-3+deb11u3+3

▶CVEListV5libvirtFixed-In - libvirt v7.5.0

Also affects: Enterprise Linux 8.0, Openshift Container Platform 4.8

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

GHSA

GHSA-4225-xq9f-4ww3: A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels↗2022-03-04

▶

CVEList

CVE-2021-3631: A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels↗2022-03-02

▶

OSV

CVE-2021-3631: A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels↗2022-03-02

▶

📋Vendor Advisories

Ubuntu

libvirt vulnerabilities↗2022-05-02

▶

Microsoft

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest resulting in the break↗2022-03-08

▶

Red Hat

libvirt: Insecure sVirt label generation↗2021-04-13

▶

Debian

CVE-2021-3631: libvirt - A flaw was found in libvirt while it generates SELinux MCS category pairs for VM...↗2021

▶