CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.

CVSS v3.0 6.3 MEDIUM
CVSS v2.0 3.3 LOW

6.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://access.redhat.com/errata/RHSA-2021:3631	Vendor Advisory
https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2	Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1977726	Issue Tracking Vendor Advisory
https://gitlab.com/libvirt/libvirt/-/issues/153	Exploit Third Party Advisory
https://security.netapp.com/advisory/ntap-20220331-0010/	Third Party Advisory
https://security.gentoo.org/glsa/202210-06

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0::::advanced_virtualization:::
	cpe:2.3:a:redhat:openshift_container_platform:4.8:::::::*

Configuration 3 (hide)

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Information

Published : 2022-03-02 15:15

Updated : 2022-10-16 10:15

NVD link : CVE-2021-3631

Mitre link : CVE-2021-3631

JSON object : View

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

Advertisement

Products Affected

redhat

openshift_container_platform
enterprise_linux
libvirt

netapp

ontap_select_deploy_administration_utility

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://access.redhat.com/errata/RHSA-2021:3631", "name": "https://access.redhat.com/errata/RHSA-2021:3631", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2", "name": "https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977726", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1977726", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://gitlab.com/libvirt/libvirt/-/issues/153", "name": "https://gitlab.com/libvirt/libvirt/-/issues/153", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://security.netapp.com/advisory/ntap-20220331-0010/", "name": "https://security.netapp.com/advisory/ntap-20220331-0010/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://security.gentoo.org/glsa/202210-06", "name": "GLSA-202210-06", "tags": [], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-732"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-3631", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.0}}, "publishedDate": "2022-03-02T23:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.5.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-10-16T17:15Z"}