Zong Cao

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox version 7.1.6 **Description** The issue allows a low-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. **Recommendations** For version 7.1.6, update to a version that contains a fix for this issue, as the current version is affected and can be exploited. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox version 7.1.6 **Description** The issue allows a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox, as well as unauthorized update, insert, or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. **Recommendations** For Oracle VM VirtualBox version 7.1.6, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 7.0.22 Oracle VM VirtualBox versions prior to 7.1.2 **Description** The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a low-privileged attacker with logon to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. **Recommendations** For Oracle VM VirtualBox versions prior to 7.0.22, update to version 7.0.22 or later. For Oracle VM VirtualBox versions prior to 7.1.2, update to version 7.1.2 or later. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox until a patch is available.