[Bug 1201720] New: VUL-0: CVE-2022-21571,CVE-2022-21554: Vulnerability in the Oracle VM VirtualBox (component: Core) affecting version prior to 6.1.36
https://bugzilla.suse.com/show_bug.cgi?id=1201720

Bug ID: 1201720
Summary: VUL-0: CVE-2022-21571,CVE-2022-21554: Vulnerability in the Oracle VM VirtualBox (component: Core) affecting version prior to 6.1.36
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
URL: https://smash.suse.de/issue/337709/
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Virtualization:Other
Assignee: Larry.Finger@gmail.com
Reporter: gianluca.gabrielli@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

Vulnerabilities in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.36. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21571
https://www.oracle.com/security-alerts/cpujul2022.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21571
https://www.orac...

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1201720

Maintenance Robot <maint-coord+maintenance_robot@suse.de> changed:

What      |Removed    |Added
----------------------------------------------------------------------------
Priority  |P5 - None  |P3 - Medium

https://bugzilla.suse.com/show_bug.cgi?id=1201720#c2

--- Comment #2 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2022:10067-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1198676,1198677,1198678,1198679,1198680,1198703,1199803,1201720
CVE References: CVE-2022-21465,CVE-2022-21471,CVE-2022-21487,CVE-2022-21488,CVE-2022-21491,CVE-2022-21554,CVE-2022-21571
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): virtualbox-6.1.36-lp154.2.7.1, virtualbox-kmp-6.1.36-lp154.2.7.1

https://bugzilla.suse.com/show_bug.cgi?id=1201720#c5

--- Comment #5 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2022:10122-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1194126,1201720
CVE References: CVE-2022-21554,CVE-2022-21571
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): virtualbox-6.1.36-lp153.2.33.2, virtualbox-kmp-6.1.36-lp153.2.33.2

https://bugzilla.suse.com/show_bug.cgi?id=1201720#c8

Larry Finger <Larry.Finger@gmail.com> changed:

What        |Removed  |Added
----------------------------------------------------------------------------
Status      |NEW      |RESOLVED
Resolution  |---      |FIXED

--- Comment #8 from Larry Finger <Larry.Finger@gmail.com> ---
Fixed in version 6.1.38, which is now in Tumbleweed, and submitted to Leap 15.3, 15.4, and 15.5.

https://bugzilla.suse.com/show_bug.cgi?id=1201720#c9

--- Comment #9 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2022:10129-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1201720,1203086,1203306,1203370
CVE References: CVE-2022-21554,CVE-2022-21571
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): virtualbox-6.1.38-lp153.2.36.1, virtualbox-kmp-6.1.38-lp153.2.36.1

https://bugzilla.suse.com/show_bug.cgi?id=1201720#c12

--- Comment #12 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2022:10152-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1201720,1203086,1203306,1203370,1203735,1204019
CVE References: CVE-2022-21554,CVE-2022-21571
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): virtualbox-6.1.38-lp154.2.15.1, virtualbox-kmp-6.1.38-lp154.2.15.1