Vulnerability Details : CVE-2021-3631
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
Products affected by CVE-2021-3631
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*
- cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Threat overview for CVE-2021-3631
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2021-3631: 61,437
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2021-3631
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~27% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-3631
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3 | LOW | AV:L/AC:M/Au:N/C:P/I:P/A:N | 3.4 | 4.9 | NIST | |
6.3 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.0 | 5.2 | NIST | |
CWE ids for CVE-2021-3631
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
References for CVE-2021-3631
- https://security.gentoo.org/glsa/202210-06
  libvirt: Multiple Vulnerabilities (GLSA 202210-06) — Gentoo security (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20220331-0010/
  CVE-2021-3631 Libvirt Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://gitlab.com/libvirt/libvirt/-/issues/153
  Selinux MCS generate a single category context and may be accessed by another machine (#153) · Issues · libvirt / libvirt · GitLab (Exploit; Third Party Advisory)
- https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2
  security: fix SELinux label generation logic (15073504) · Commits · libvirt / libvirt · GitLab (Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1977726
  1977726 – (CVE-2021-3631) CVE-2021-3631 libvirt: Insecure sVirt label generation (Issue Tracking; Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
  [SECURITY] [DLA 3778-1] libvirt security update
- https://access.redhat.com/errata/RHSA-2021:3631
  RHSA-2021:3631 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)