Bug ID 1231736
Summary VUL-0: CVE-2024-21273: virtualbox: Oracle VM VirtualBox can be compromised by a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.6
Hardware Other
URL https://smash.suse.de/issue/424170/
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee jengelh@inai.de
Reporter smash_bz@suse.de
QA Contact security-team@suse.de
CC camila.matos@suse.com
Target Milestone ---
Found By Security Response Team
Blocker ---

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization
(component: Core). Supported versions that are affected are prior to 7.0.22
and prior to 7.1.2. Easily exploitable vulnerability allows high privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox executes
to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
VirtualBox, attacks may significantly impact additional products (scope
change). Successful attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all Oracle VM VirtualBox
accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS
Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

References:
https://www.oracle.com/security-alerts/cpuoct2024.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-21273
https://www.cve.org/CVERecord?id=CVE-2024-21273
https://bugzilla.redhat.com/show_bug.cgi?id=2318878

