1223267 – (CVE-2024-21111) VUL-0: CVE-2024-21111: virtualbox: local privilege escalation via symbolic link

Bug 1223267 (CVE-2024-21111) - VUL-0: CVE-2024-21111: virtualbox: local privilege escalation via symbolic link

Summary: VUL-0: CVE-2024-21111: virtualbox: local privilege escalation via symbolic link

Status:	RESOLVED INVALID

Alias:	CVE-2024-21111

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Leap 15.6
Hardware:	Other Other

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assignee:	Larry Finger
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/402187/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-04-22 14:53 UTC by SMASH SMASH
Modified:	2024-04-22 14:53 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-04-22 14:53:13 UTC

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

References:
https://www.oracle.com/security-alerts/cpuapr2024.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-21111
https://www.cve.org/CVERecord?id=CVE-2024-21111

Comment 1 Carlos López 2024-04-22 14:53:44 UTC

Only relevant for Windows, closing.