Oracle VM VirtualBox Vulnerability Allows Low Privileged Attackers to Compromise Virtual Machine
CVE-2024-21112
8.8 HIGH
Summary
A vulnerability exists in the core component of Oracle VM VirtualBox, affecting all supported versions prior to 7.0.16. It allows a low-privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox runs to compromise the virtualization environment. Although the vulnerability resides in Oracle VM VirtualBox, exploitation can significantly impact additional products, which widens the scope of the risk. Successful exploitation can result in takeover of Oracle VM VirtualBox, compromising confidentiality, integrity, and availability within the affected system.
Affected Version(s)
VM VirtualBox * < 7.0.16
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Collectors
NVD Database, Mitre Database