DEBIAN-CVE-2021-3631

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2021-3631
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-3631.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-3631
Upstream
Published
2022-03-02T23:15:08Z
Modified
2025-09-25T23:25:21.453871Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.

References

Affected packages

Debian:11 / libvirt

Package

Name
libvirt
Purl
pkg:deb/debian/libvirt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.0.0-3+deb11u3

Affected versions

7.*

7.0.0-3
7.0.0-3+deb11u1
7.0.0-3+deb11u2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / libvirt

Package

Name
libvirt
Purl
pkg:deb/debian/libvirt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.6.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / libvirt

Package

Name
libvirt
Purl
pkg:deb/debian/libvirt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.6.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / libvirt

Package

Name
libvirt
Purl
pkg:deb/debian/libvirt?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.6.0-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}