Vulnerability CVE-2021-3631

Vulnerability Name:

CVE-2021-3631 (CCN-221073)

Assigned:

2021-04-13

Published:

2021-04-13

Updated:

2022-10-28

Summary:

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.

CVSS v3 Severity:

6.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)
5.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): None

3.0 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N)
2.6 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

3.0 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N)
2.6 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

3.3 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

2.4 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-732

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2021-3631

Source: MISC
Type: Vendor Advisory
https://access.redhat.com/errata/RHSA-2021:3631

Source: CCN
Type: Red Hat Bugzilla Bug 1977726
(CVE-2021-3631) - CVE-2021-3631 libvirt: Insecure sVirt label generation

Source: MISC
Type: Issue Tracking, Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1977726

Source: XF
Type: UNKNOWN
libvirt-cve20213631-sec-bypass(221073)

Source: CCN
Type: libvirt GitLab
security: fix SELinux label generation logic

Source: MISC
Type: Patch, Third Party Advisory
https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2

Source: MISC
Type: Exploit, Third Party Advisory
https://gitlab.com/libvirt/libvirt/-/issues/153

Source: GENTOO
Type: Third Party Advisory
GLSA-202210-06

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220331-0010/

Vulnerable Configuration:

Configuration 1:

cpe:/a:redhat:libvirt:*:*:*:*:*:*:*:* (Version < 7.5.0)

Configuration 2:

cpe:/o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*

OR cpe:/a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration CCN 1:

cpe:/a:libvirt:libvirt:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8047	P	openldap2-devel-32bit-2.4.46-150200.14.11.2 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7976	P	sane-backends-1.0.32-150400.15.2.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7692	P	libvirt-libs-9.0.0-150500.4.3 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:761	P	Security update for 389-ds (Moderate)	2022-09-16
oval:org.opensuse.security:def:6148	P	Security update for libcroco (Important)	2022-08-26
oval:org.opensuse.security:def:3662	P	Security update for ldb, samba (Important)	2022-08-03
oval:org.opensuse.security:def:3461	P	cron-4.2-59.10.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3100	P	gvim-7.4.326-17.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3504	P	gnome-settings-daemon-3.20.1-50.16.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94730	P	libvirt-libs-8.0.0-150400.5.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95134	P	libvirt-8.0.0-150400.5.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94573	P	grub2-2.06-150400.9.9 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95331	P	Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate) (in QA)	2022-05-24
oval:org.opensuse.security:def:112903	P	libvirt-7.7.0-2.1 on GA media (Moderate)	2022-01-17
oval:com.redhat.rhsa:def:20214191	P	RHSA-2021:4191: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate)	2021-11-09
oval:org.opensuse.security:def:106362	P	libvirt-7.7.0-2.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:67237	P	Security update for libvirt (Moderate)	2021-08-23
oval:org.opensuse.security:def:73873	P	Security update for libvirt (Moderate)	2021-08-23
oval:org.opensuse.security:def:1624	P	Security update for libvirt (Moderate)	2021-08-23
oval:org.opensuse.security:def:64751	P	Security update for libvirt (Moderate)	2021-08-23
oval:org.opensuse.security:def:101492	P	Security update for libvirt (Moderate)	2021-08-23
oval:org.opensuse.security:def:69136	P	Security update for libvirt (Moderate)	2021-08-23
oval:org.opensuse.security:def:102200	P	Security update for libvirt (Moderate)	2021-08-23
oval:org.opensuse.security:def:76305	P	Security update for libvirt (Moderate)	2021-08-23
oval:org.opensuse.security:def:111684	P	Security update for libvirt (Moderate)	2021-08-23
oval:org.opensuse.security:def:111001	P	Security update for libvirt (Moderate)	2021-08-10
oval:org.opensuse.security:def:101286	P	openldap2-devel-32bit-2.4.46-9.51.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:73672	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:109413	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:117467	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:64550	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:42106	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:102747	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:69065	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:118509	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:96057	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:107952	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:75940	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:66872	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:108710	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:5783	P	Security update for libvirt (Moderate)	2021-07-27
oval:org.opensuse.security:def:102044	P	Security update for libvirt (Moderate)	2021-07-27

BACK