Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox

2021-11-23 22:54

A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service condition.

"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox," the advisory reads.

"Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox".

SentinelLabs researcher Max Van Amerongen has been credited with discovering and reporting the issue, following which fixes have been rolled out by Oracle as part of its Critical Patch Update for July 2021.

Oracle VM VirtualBox is an open-source and cross-platform hypervisor and desktop virtualization software that enables users to run multiple guest operating systems such as Windows, Linux distributions, OpenBSD, and Oracle Solaris on a single physical machine.

Successful attacks of the two shortcomings can enable a local adversary to escalate privileges and execute arbitrary code that results in full takeover of a vulnerable Oracle VM VirtualBox.

News URL

https://thehackernews.com/2021/11/researchers-detail-privilege-escalation.html

#oracle #researcher #virtualbox

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Oracle		976	1143	6172	1135	751	9201