Vulnerability in Oracle VM VirtualBox by Oracle
CVE-2023-22100

7.9HIGH

Key Information:

Vendor: Oracle
Status: VM VirtualBox
Vendor: CVE Published:; 17 October 2023

Summary

A vulnerability exists in Oracle VM VirtualBox prior to version 7.0.12 that allows a high-privileged attacker, who has access to the virtualization infrastructure, to exploit the weakness. This may lead to unauthorized access to sensitive data or full control over all data accessible by Oracle VM VirtualBox. Additionally, the vulnerability can trigger denial of service, causing frequent crashes or hangs of the Oracle VM VirtualBox service. This susceptibility necessitates prompt updates to mitigate potential risks.

Affected Version(s)

VM VirtualBox * < 7.0.12

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

7.9

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022

Collectors

NVD DatabaseMitre Database