CVE-2021-3631

Name
CVE-2021-3631
Description
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://access.redhat.com/errata/RHSA-2021:3631
Patch https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1977726
Exploit https://gitlab.com/libvirt/libvirt/-/issues/153
CONFIRM https://security.netapp.com/advisory/ntap-20220331-0010/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:* libvirt >= None < 7.5.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libvirt 3.12-main 6.6.0-r4 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable