Local Privilege Escalation Vulnerability in Oculus Desktop by Facebook
CVE-2021-24038

7.8HIGH

Key Information:

Vendor: Facebook
Status: Oculus Desktop
Vendor: CVE Published:; 19 August 2021

What is CVE-2021-24038?

A vulnerability within the Oculus Desktop software arises from improper handle management in OVRServiceLauncher.exe. This flaw enables an attacker to expose a privileged process handle to an unprivileged process, resulting in local privilege escalation. Specifically, this issue impacts versions of Oculus Desktop starting from 1.39 up to, but not including, 31.1.0.67.507, posing a significant security risk for users.

Affected Version(s)

Oculus Desktop < 31.1.0.67.507

Oculus Desktop 31.1.0.67.507

Oculus Desktop <= unspecified

References

https://www.facebook.com/security/advisories/cve-2021-24038

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2021
Vulnerability Reserved
Jan 13, 2021