Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox
2021-11-23 22:54

A now-patched vulnerability affecting Oracle VM VirtualBox could potentially be exploited by an adversary to compromise the hypervisor and cause a denial-of-service condition.

"Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox," the advisory reads.

"Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox."

SentinelLabs researcher Max Van Amerongen has been credited with discovering and reporting the issue, following which fixes have been rolled out by Oracle as part of its Critical Patch Update for July 2021.

Oracle VM VirtualBox is an open-source and cross-platform hypervisor and desktop virtualization software that enables users to run multiple guest operating systems such as Windows, Linux distributions, OpenBSD, and Oracle Solaris on a single physical machine.

Successful attacks of the two shortcomings can enable a local adversary to escalate privileges and execute arbitrary code that results in full takeover of a vulnerable Oracle VM VirtualBox.


News URL

https://thehackernews.com/2021/11/researchers-detail-privilege-escalation.html

Related vendor

VENDOR   #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Oracle   698          249   2225     1709   366        4549