PT-2021-16517 · Oracle · Virtualbox

Matthias Gerstner · Published 2021-05-05 · Updated 2021-10-09 · CVE-2021-25319

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: openSUSE Factory virtualbox versions 6.1.20-1.1 and prior versions
Description: A vulnerability in the packaging of virtualbox in openSUSE Factory allows local attackers in the vboxusers group to escalate to root.
Recommendations: For openSUSE Factory virtualbox versions 6.1.20-1.1 and prior versions, update to a version that fixes the incorrect default permissions issue. As a temporary workaround, consider restricting access to the vboxusers group to minimize the risk of exploitation.

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2021-25319
OPENSUSE-SU-2021:0723-1
OPENSUSE-SU-2021:0977-1

Affected Products

Virtualbox