Lucene search

[email protected]NVD:CVE-2021-3631

HistoryMar 02, 2022 - 11:15 p.m.

CVE-2021-3631

2022-03-0223:15:08

CWE-732

[email protected]

web.nvd.nist.gov

libvirt

selinux

dynamic labels

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

26.8%

JSON

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs’ dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.

Affected configurations

Nvd

Node

redhatlibvirtRange<7.5.0

Node

redhatopenshift_container_platformMatch4.8

redhatenterprise_linuxMatch8.0advanced_virtualization

Node

netappontap_select_deploy_administration_utilityMatch-

VendorProductVersionCPE
redhatlibvirt*cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
redhatopenshift_container_platform4.8cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
netappontap_select_deploy_administration_utility-cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	libvirt	*	cpe:2.3:a:redhat:libvirt::::::::
redhat	openshift_container_platform	4.8	cpe:2.3:a:redhat:openshift_container_platform:4.8:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0::::advanced_virtualization:::
netapp	ontap_select_deploy_administration_utility	-	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*