Blog

Nov 24, 2021

Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox

Posted by in category: futurism

A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition.

“Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox,” the advisory reads. “Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of Oracle VM VirtualBox”

Tracked as CVE-2021–2442 (CVSS score: 6.0), the flaw affects all versions of the product prior to 6.1.24. SentinelLabs researcher Max Van Amerongen has been credited with discovering and reporting the issue, following which fixes have been rolled out by Oracle as part of its Critical Patch Update for July 2021.

Leave a reply