virtualbox: missing sticky bit for /etc/vbox allows local root exploit for members of vboxusers group
CVE-2021-25319
7.8HIGH
What is CVE-2021-25319?
A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions.
Affected Version(s)
Factory virtualbox <= 6.1.20-1.1