CVE-2021-3631
First published: Tue Apr 13 2021(Updated: )
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Libvirt | <7.5.0 | |
| Redhat Openshift Container Platform | =4.8 | |
| Redhat Enterprise Linux | =8.0 | |
| NetApp ONTAP Select Deploy administration utility | ||
| redhat/libvirt | <7.5.0 | 7.5.0 |
| debian/libvirt | 7.0.0-3+deb11u3 9.0.0-4+deb12u1 10.7.0-3 |
Remedy
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-3631 https://nvd.nist.gov/vuln/detail/CVE-2021-3631
- https://bugzilla.redhat.com/show_bug.cgi?id=1977726
- https://access.redhat.com/errata/RHSA-2021:3704
- https://access.redhat.com/errata/RHSA-2021:3703
- https://access.redhat.com/errata/RHSA-2021:4191
- https://access.redhat.com/security/cve/cve-2021-3631
- https://access.redhat.com/errata/RHSA-2021:3631
- https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2
- https://gitlab.com/libvirt/libvirt/-/issues/153
- https://security.gentoo.org/glsa/202210-06
- https://security.netapp.com/advisory/ntap-20220331-0010/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1977760
- https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html
- https://launchpad.net/bugs/cve/CVE-2021-3631
- https://security-tracker.debian.org/tracker/CVE-2021-3631
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3631
- https://nvd.nist.gov/vuln/detail/CVE-2021-3631
- https://ubuntu.com/security/CVE-2021-3631
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID of this flaw in libvirt?
The vulnerability ID is CVE-2021-3631.
What is the severity level of CVE-2021-3631?
The severity level of CVE-2021-3631 is low.
How does CVE-2021-3631 affect confidentiality?
CVE-2021-3631 poses a threat to confidentiality.
What software versions are affected by CVE-2021-3631?
Versions 6.0.0-0ubuntu8.16, 7.6.0-1, 4.0.0-1ubuntu8.21, 7.6.0-0ubuntu3, 7.6.0-0ubuntu3, 7.6.0-0ubuntu3, 7.5.0, 9.0.0-4, and 9.7.0-1 of libvirt are affected by CVE-2021-3631.
How can I fix CVE-2021-3631?
Run the recommended updates for the affected libvirt versions.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3631
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/remedy
- agent/description
- collector/nvd-api
- source/NVD
- agent/author
- collector/nvd-cve
- agent/references
- agent/tags
- collector/launchpad-cve
- source/Launchpad
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/redhat
- canonical/redhat libvirt
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.8
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- vendor/netapp
- canonical/netapp ontap select deploy administration utility
- package-manager/redhat
- package-manager/debian