PT-2023-9584 · Oracle+2 · Virtualbox+2

Zheyu Ma

Publicado

2023-12-07

Atualizado

2025-12-01

CVE-2024-21253

CVSS v3.1

2.3

Baixa

Vetor

AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 7.0.22

Description The issue is related to errors in resource release due to insufficient input validation in the Core component of Oracle VM VirtualBox. Exploitation of this issue can allow an attacker to cause a partial denial of service. The vulnerability can be easily exploited by a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes, potentially resulting in unauthorized ability to cause a partial denial of service of Oracle VM VirtualBox.

Recommendations For versions prior to 7.0.22, update to version 7.0.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

Correção

DoS

RCE

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-404

Identificadores relacionados

ALT-PU-2024-17317

ALT-PU-2025-12585

ALT-PU-2025-12587

ALT-PU-2025-12588

ALT-PU-2025-12589

ALT-PU-2025-12590

BDU:2024-08505

CVE-2024-21253

MGASA-2025-0002

Produtos afetados

Alt Linux

Virtualbox

Red Os

PT-2023-9584 · Oracle+2 · Virtualbox+2

CVE-2024-21253

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 20