CVE-2021-3631
MEDIUMRedhat Libvirt < 7.5.0 - Incorrect Permission Assignment
Title source: ruleDescription
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
References (7)
Core 7
Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202210-06
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
Vendor Advisory
https://access.redhat.com/errata/RHSA-2021:3631
Issue Tracking, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1977726
Patch, Third Party Advisory
https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2
Exploit, Third Party Advisory
https://gitlab.com/libvirt/libvirt/-/issues/153
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220331-0010/
Scores
CVSS v3
6.3
EPSS
0.0007
EPSS Percentile
20.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-732
Status
published
Products (4)
netapp/ontap_select_deploy_administration_utility
redhat/enterprise_linux
8.0
redhat/libvirt
< 7.5.0
redhat/openshift_container_platform
4.8
Published
Mar 02, 2022
Tracked Since
Feb 18, 2026