PT-2021-15660 · Meta · Oculus Desktop

Published

2021-08-18

Updated

2021-08-27

CVE-2021-24038

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507

Description: The issue is caused by a bug in the management of handles in OVRServiceLauncher.exe, allowing an attacker to expose a privileged process handle to an unprivileged process. This can lead to local privilege escalation.

Recommendations: For Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507, update to version 31.1.0.67.507 or later to resolve the issue. As a temporary workaround, consider restricting access to the OVRServiceLauncher.exe to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2021-24038

Affected Products

Oculus Desktop

PT-2021-15660 · Meta · Oculus Desktop

CVE-2021-24038

Weakness Enumeration

Related Identifiers

Affected Products

References · 4