Lucene search

[email protected]CVE-2021-3631

HistoryMar 02, 2022 - 11:15 p.m.

CVE-2021-3631

2022-03-0223:15:08

CWE-732

[email protected]

web.nvd.nist.gov

153

libvirt

selinux

mcs

category pairs

vms

svirt confinement

vulnerability

confidentiality

integrity

nvd

cve-2021-3631

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

26.8%

JSON

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs’ dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.

Affected configurations

Vulners

NVD

Node

libvirtlibvirtRange≤7.5.0

VendorProductVersionCPE
jenkinslibvirt_slaves*cpe:2.3:a:jenkins:libvirt_slaves:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jenkins	libvirt_slaves	*	cpe:2.3:a:jenkins:libvirt_slaves::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "libvirt",
    "versions": [
      {
        "version": "Fixed-In - libvirt v7.5.0",
        "status": "affected"
      }
    ]
  }
]