Bugzilla – Bug 1188537
VUL-0: CVE-2021-2442: virtualbox: Improper input validation
Last modified: 2021-08-10 04:18:03 UTC
CVE-2021-2442 Risk: Low CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI] CVE-ID: CVE-2021-2442 CWE-ID: CWE-20 - Improper Input Validation Exploit availability: No Description The vulnerability allows a local privileged user to a crash the entire system. The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system. Mitigation Install update from vendor's website. Vulnerable software versions Oracle VM VirtualBox: 6.1.0, 6.1.2, 6.1.4, 6.1.6, 6.1.8, 6.1.10, 6.1.12, 6.1.14, 6.1.16, 6.1.18, 6.1.20, 6.1.22 References: https://www.cybersecurity-help.cz/vdb/SB2021072060 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-2442 https://www.oracle.com/security-alerts/cpujul2021.html#CVE-2021-2442
This is an autogenerated message for OBS integration: This bug (1188537) was mentioned in https://build.opensuse.org/request/show/907595 15.3 / virtualbox
This is an autogenerated message for OBS integration: This bug (1188537) was mentioned in https://build.opensuse.org/request/show/907614 15.2 / virtualbox
This is an autogenerated message for OBS integration: This bug (1188537) was mentioned in https://build.opensuse.org/request/show/909278 15.2 / virtualbox https://build.opensuse.org/request/show/909279 15.3 / virtualbox
VirtualBox v6.1.24, which has fixed this vulnerability, is in Leap 15.2.
openSUSE-SU-2021:1092-1: An update that solves four vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1188045,1188105,1188535,1188536,1188537,1188538 CVE References: CVE-2021-2409,CVE-2021-2442,CVE-2021-2443,CVE-2021-2454 JIRA References: Sources used: openSUSE Leap 15.3 (src): virtualbox-6.1.24-lp153.2.6.1, virtualbox-kmp-6.1.24-lp153.2.6.1
openSUSE-SU-2021:1114-1: An update that solves four vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1188045,1188105,1188535,1188536,1188537,1188538 CVE References: CVE-2021-2409,CVE-2021-2442,CVE-2021-2443,CVE-2021-2454 JIRA References: Sources used: openSUSE Leap 15.2 (src): virtualbox-6.1.26-lp152.2.35.1, virtualbox-kmp-6.1.26-lp152.2.35.1