PT-2023-3614 · Oracle+1 · Virtualbox+1

Ronald Crane

Publicado

2023-07-18

Atualizado

2023-12-07

CVE-2023-22017

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 6.1.46 Oracle VM VirtualBox versions prior to 7.0.10

Description The issue is related to a vulnerability in the Oracle VM VirtualBox product, specifically in the Core component. This vulnerability can be easily exploited by a low-privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox executes, allowing them to compromise Oracle VM VirtualBox. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. The vulnerability applies to Windows VMs only.

Recommendations For Oracle VM VirtualBox versions prior to 6.1.46, update to version 6.1.46 or later. For Oracle VM VirtualBox versions prior to 7.0.10, update to version 7.0.10 or later.

Correção

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-404

Identificadores relacionados

ALT-PU-2023-4923

ALT-PU-2023-4924

ALT-PU-2023-4925

ALT-PU-2023-4926

ALT-PU-2023-4927

ALT-PU-2023-4928

ALT-PU-2023-4929

ALT-PU-2023-4930

ALT-PU-2023-4931

ALT-PU-2023-4932

ALT-PU-2023-5232

ALT-PU-2023-5233

ALT-PU-2023-5234

ALT-PU-2023-5235

ALT-PU-2023-5236

ALT-PU-2023-7554

ALT-PU-2023-7555

ALT-PU-2023-7556

ALT-PU-2023-7557

ALT-PU-2023-7558

BDU:2023-03898

CVE-2023-22017

Produtos afetados

Alt Linux

Virtualbox

PT-2023-3614 · Oracle+1 · Virtualbox+1

CVE-2023-22017

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9