PT-2022-7295 · Libvirt+10 · Libvirt+10

Daniel P. Berrangé

Published

2021-07-27

Updated

2024-06-15

CVE-2021-3631

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libvirt (affected versions not specified)

Description The issue is related to the generation of SELinux MCS category pairs for dynamic labels of virtual machines in the libvirt library. This flaw can be exploited by a remote attacker to gain access to confidential information. It allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this issue is to confidentiality and integrity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

ALSA-2021:4191

ALT-PU-2021-2714

ALT-PU-2021-3364

BDU:2024-02428

CESA-2021_4191

CVE-2021-3631

DLA-3778-1

MGASA-2021-0399

OESA-2021-1385

OPENSUSE-SU-2021:1119-1

OPENSUSE-SU-2021:2812-1

OPENSUSE-SU-2021_1119-1

OPENSUSE-SU-2021_2812-1

OPENSUSE-SU-2024:11008-1

RHSA-2021:3703

RHSA-2021:3704

RHSA-2021:4191

RHSA-2021_4191

RLSA-2021:4191

SUSE-SU-2021:2471-1

SUSE-SU-2021:2812-1

SUSE-SU-2021_2471-1

SUSE-SU-2021_2812-1

USN-5399-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Libvirt

PT-2022-7295 · Libvirt+10 · Libvirt+10

CVE-2021-3631

Weakness Enumeration

Related Identifiers

Affected Products

References · 106