1228078 – (CVE-2024-21164) VUL-0: CVE-2024-21164: virtualbox: high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes can obtain unauthorized read access to a subset of Oracle VM VirtualBox accessible data

Bug 1228078 (CVE-2024-21164) - VUL-0: CVE-2024-21164: virtualbox: high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes can obtain unauthorized read access to a subset of Oracle VM VirtualBox accessible data

Summary: VUL-0: CVE-2024-21164: virtualbox: high privileged attacker with logon to the...

Status:	NEW

Alias:	CVE-2024-21164

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Leap 15.6
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal (vote)
Target Milestone:	---
Assignee:	Larry Rainey
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/414396/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-07-17 14:38 UTC by SMASH SMASH
Modified:	2024-07-17 15:15 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-07-17 14:38:38 UTC

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 7.0.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).

References:
https://www.oracle.com/security-alerts/cpujul2024.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-21164
https://www.cve.org/CVERecord?id=CVE-2024-21164

Comment 1 Camila Camargo de Matos 2024-07-17 14:39:22 UTC

openSUSE:Factory/virtualbox is currently affected by this issue.