6.3
CVE-2021-3631
- EPSS 0.04%
- Published 02.03.2022 23:15:08
- Last modified 21.11.2024 06:22:01
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Openshift Container Platform Version4.8
Redhat ≫ Enterprise Linux Version8.0 SwEditionadvanced_virtualization
Netapp ≫ Ontap Select Deploy Administration Utility Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.132 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.3 | 1 | 5.2 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 3.3 | 3.4 | 4.9 |
AV:L/AC:M/Au:N/C:P/I:P/A:N
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.