Oracle · VirtualBox · CVE-2023-21884
**Name of the Vulnerable Software and Affected Versions**
Oracle VM VirtualBox versions prior to 6.1.42
Oracle VM VirtualBox versions prior to 7.0.6
**Description**
The issue stems from insufficient input validation in the Core component of Oracle VM VirtualBox. It allows a high-privileged attacker with logon to the infrastructure to compromise Oracle VM VirtualBox. A successful attack can cause a hang or a frequently repeatable crash (complete DoS) of Oracle VM VirtualBox.
**Recommendations**
For Oracle VM VirtualBox versions prior to 6.1.42, update to version 6.1.42 or later.
For Oracle VM VirtualBox versions prior to 7.0.6, update to version 7.0.6 or later.
As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.
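To confirm whether a host still runs an affected build, the following added example (not part of the original advisory or of Oracle's tooling) compares the output of `VBoxManage --version` against the fixed releases listed above. It assumes `VBoxManage` is on the `PATH` and that the two fixed versions apply per release branch; the function names are hypothetical.

```python
import re
import shutil
import subprocess

# First fixed release per branch, taken from the advisory text above.
FIXED = {(6, 1): (6, 1, 42), (7, 0): (7, 0, 6)}


def parse_version(raw):
    """Return (major, minor, patch) from strings such as '7.0.4r154605'."""
    match = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", raw)
    if not match:
        raise ValueError(f"unrecognised version string: {raw!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(raw):
    """True if the version predates the fixed release for its branch."""
    version = parse_version(raw)
    branch = version[:2]
    if branch in FIXED:
        return version < FIXED[branch]
    # Assumption: branches older than 6.1 count as "prior to 6.1.42";
    # branches newer than 7.0 are past both fixed releases.
    return branch < (6, 1)


def installed_version():
    """Ask the local VBoxManage for its version; None if not installed."""
    exe = shutil.which("VBoxManage")
    if exe is None:
        return None
    result = subprocess.run([exe, "--version"], capture_output=True,
                            text=True, timeout=15)
    # Warnings may precede the version, so use the last non-empty line.
    lines = [ln.strip() for ln in result.stdout.splitlines() if ln.strip()]
    return lines[-1] if lines else None


if __name__ == "__main__":
    raw = installed_version()
    if raw is None:
        print("VBoxManage not found on PATH")
    elif is_affected(raw):
        print(f"{raw}: affected by CVE-2023-21884, update required")
    else:
        print(f"{raw}: at or above the fixed release")
```

Distribution packages may append a vendor tag to the version string (for example `6.1.38_Ubuntur...`); only the leading `major.minor.patch` is compared.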