Unrated severityNVD Advisory· Published Mar 2, 2022· Updated Nov 19, 2024
CVE-2021-3631
CVE-2021-3631
Description
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
103- osv-coords101 versionspkg:rpm/almalinux/hivexpkg:rpm/almalinux/hivex-develpkg:rpm/almalinux/libguestfspkg:rpm/almalinux/libguestfs-bash-completionpkg:rpm/almalinux/libguestfs-benchmarkingpkg:rpm/almalinux/libguestfs-develpkg:rpm/almalinux/libguestfs-gfs2pkg:rpm/almalinux/libguestfs-gobjectpkg:rpm/almalinux/libguestfs-gobject-develpkg:rpm/almalinux/libguestfs-inspect-iconspkg:rpm/almalinux/libguestfs-javapkg:rpm/almalinux/libguestfs-java-develpkg:rpm/almalinux/libguestfs-javadocpkg:rpm/almalinux/libguestfs-man-pages-japkg:rpm/almalinux/libguestfs-man-pages-ukpkg:rpm/almalinux/libguestfs-rescuepkg:rpm/almalinux/libguestfs-rsyncpkg:rpm/almalinux/libguestfs-toolspkg:rpm/almalinux/libguestfs-tools-cpkg:rpm/almalinux/libguestfs-winsupportpkg:rpm/almalinux/libguestfs-xfspkg:rpm/almalinux/libiscsipkg:rpm/almalinux/libiscsi-develpkg:rpm/almalinux/libiscsi-utilspkg:rpm/almalinux/libnbdpkg:rpm/almalinux/libnbd-develpkg:rpm/almalinux/libvirtpkg:rpm/almalinux/libvirt-adminpkg:rpm/almalinux/libvirt-bash-completionpkg:rpm/almalinux/libvirt-clientpkg:rpm/almalinux/libvirt-daemonpkg:rpm/almalinux/libvirt-daemon-config-networkpkg:rpm/almalinux/libvirt-daemon-config-nwfilterpkg:rpm/almalinux/libvirt-daemon-driver-interfacepkg:rpm/almalinux/libvirt-daemon-driver-networkpkg:rpm/almalinux/libvirt-daemon-driver-nodedevpkg:rpm/almalinux/libvirt-daemon-driver-nwfilterpkg:rpm/almalinux/libvirt-daemon-driver-qemupkg:rpm/almalinux/libvirt-daemon-driver-secretpkg:rpm/almalinux/libvirt-daemon-driver-storagepkg:rpm/almalinux/libvirt-daemon-driver-storage-corepkg:rpm/almalinux/libvirt-daemon-driver-storage-diskpkg:rpm/almalinux/libvirt-daemon-driver-storage-glusterpkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsipkg:rpm/almalinux/libvirt-daemon-driver-storage-iscsi-directpkg:rpm/almalinux/libvirt-daemon-driver-storage-logicalpkg:rpm/almalinux/libvirt-daemon-driver-storage-mpathpkg:rpm/almalinux/libvirt-daemon-driver-storage-rbdpkg:rpm/almalinux/libvirt-daemon-driver-storage-scsipkg:rpm/almalinux/libvirt-daemon-kvmpkg:rpm/almalinux/libvirt-dbuspkg:rpm/almalinux/libvirt-develpkg:rpm/almalinux/libvirt-docspkg:rpm/almalinux/libvirt-libspkg:rpm/almalinux/libvirt-lock-sanlockpkg:rpm/almalinux/libvirt-nsspkg:rpm/almalinux/lua-guestfspkg:rpm/almalinux/nbdfusepkg:rpm/almalinux/nbdkitpkg:rpm/almalinux/nbdkit-bash-completionpkg:rpm/almalinux/nbdkit-basic-filterspkg:rpm/almalinux/nbdkit-basic-pluginspkg:rpm/almalinux/nbdkit-curl-pluginpkg:rpm/almalinux/nbdkit-develpkg:rpm/almalinux/nbdkit-example-pluginspkg:rpm/almalinux/nbdkit-gzip-pluginpkg:rpm/almalinux/nbdkit-linuxdisk-pluginpkg:rpm/almalinux/nbdkit-python-pluginpkg:rpm/almalinux/nbdkit-serverpkg:rpm/almalinux/nbdkit-ssh-pluginpkg:rpm/almalinux/nbdkit-vddk-pluginpkg:rpm/almalinux/nbdkit-xz-filterpkg:rpm/almalinux/netcfpkg:rpm/almalinux/netcf-develpkg:rpm/almalinux/netcf-libspkg:rpm/almalinux/perl-hivexpkg:rpm/almalinux/perl-Sys-Guestfspkg:rpm/almalinux/perl-Sys-Virtpkg:rpm/almalinux/python3-hivexpkg:rpm/almalinux/python3-libguestfspkg:rpm/almalinux/python3-libnbdpkg:rpm/almalinux/python3-libvirtpkg:rpm/almalinux/ruby-hivexpkg:rpm/almalinux/ruby-libguestfspkg:rpm/almalinux/seabiospkg:rpm/almalinux/seabios-binpkg:rpm/almalinux/seavgabios-binpkg:rpm/almalinux/sgabiospkg:rpm/almalinux/sgabios-binpkg:rpm/almalinux/superminpkg:rpm/almalinux/supermin-develpkg:rpm/almalinux/virt-dibpkg:rpm/almalinux/virt-v2vpkg:rpm/opensuse/libvirt&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/libvirt&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/libvirt&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/libvirt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3
< 1.3.18-21.module_el8.5.0+2608+72063365+ 100 more
- (no CPE)range: < 1.3.18-21.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.3.18-21.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 8.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.18.0-8.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.3.0-2.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-37.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.16.2-4.module_el8.5.0+2608+72063365
- (no CPE)range: < 0.2.8-12.module_el8.5.0+2608+72063365
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 0.2.8-12.module_el8.6.0+2880+7d9e3703
- (no CPE)range: < 1.3.18-21.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 6.0.0-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.3.18-21.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1.2.2-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 6.0.0-1.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.3.18-21.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1.13.0-2.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:0.20170427git-3.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:0.20170427git-3.module_el8.5.0+2608+72063365
- (no CPE)range: < 5.1.19-10.module_el8.5.0+2608+72063365
- (no CPE)range: < 5.1.19-10.module_el8.5.0+2608+72063365
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 1:1.40.2-28.module_el8.5.0+2608+72063365.alma
- (no CPE)range: < 6.0.0-lp152.9.12.1
- (no CPE)range: < 7.1.0-6.5.1
- (no CPE)range: < 7.7.0-2.1
- (no CPE)range: < 6.0.0-13.16.2
- (no CPE)range: < 6.0.0-13.16.2
- (no CPE)range: < 7.1.0-6.5.1
- (no CPE)range: < 6.0.0-13.16.2
- (no CPE)range: < 7.1.0-6.5.1
Patches
Vulnerability mechanics
References
7- security.gentoo.org/glsa/202210-06mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2024/04/msg00000.htmlmitremailing-list
- access.redhat.com/errata/RHSA-2021:3631mitre
- bugzilla.redhat.com/show_bug.cgimitre
- gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2mitre
- gitlab.com/libvirt/libvirt/-/issues/153mitre
- security.netapp.com/advisory/ntap-20220331-0010/mitre
News mentions
0No linked articles in our index yet.