CVE-2021-3631

Updated: 2023-11-04 20:20:30.028645

Description:

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x LOW 3.3
CVSS Version 3.x MEDIUM 6.3

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS libvirt 0.10.2 6.3 MEDIUM Ignored 2022-03-31 06:48:26
CentOS 8.4 ELS libvirt 6.0.0-35.1 6.3 MEDIUM Released CLSA-2022:1646071990 2022-03-31 06:48:26
CentOS 8.5 ELS libvirt 6.0.0-37 6.3 MEDIUM Not Vulnerable 2022-03-31 06:48:26
CloudLinux 6 ELS libvirt 0.10.2 6.3 MEDIUM Ignored 2022-03-31 06:48:26
Oracle Linux 6 ELS libvirt 0.10.2 6.3 MEDIUM Ignored 2022-03-31 06:48:26
Ubuntu 16.04 ELS libvirt 1.3.1-1 6.3 MEDIUM Ignored 2022-03-31 06:48:26
Ubuntu 18.04 ELS libvirt 4.0.0-1 6.3 MEDIUM Already Fixed 2023-06-02 09:09:40