1228074 – (CVE-2024-21141) VUL-0: CVE-2024-21141: virtualbox: high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes can compromise Oracle VM VirtualBox

Bug 1228074 (CVE-2024-21141) - VUL-0: CVE-2024-21141: virtualbox: high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes can compromise Oracle VM VirtualBox

Summary: VUL-0: CVE-2024-21141: virtualbox: high privileged attacker with logon to the...

Status:	NEW

Alias:	CVE-2024-21141

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Leap 15.6
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal (vote)
Target Milestone:	---
Assignee:	Larry Rainey
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/414377/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-07-17 14:26 UTC by SMASH SMASH
Modified:	2024-07-17 15:15 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-07-17 14:26:17 UTC

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

References:
https://www.oracle.com/security-alerts/cpujul2024.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-21141
https://www.cve.org/CVERecord?id=CVE-2024-21141

Comment 1 Camila Camargo de Matos 2024-07-17 14:27:44 UTC

openSUSE:Factory/virtualbox is currently affected by this issue.

Comment 2 Larry Rainey 2024-07-17 15:08:25 UTC

7.0.20 is ready and I have released it.