PT-2021-7915 · Oracle+2 · Virtualbox+2

Dohyun Lee +1 · Published 2021-10-19 · Updated 2023-08-07 · CVE-2021-35540

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Oracle VM VirtualBox versions prior to 6.1.28

Description

The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, which can be exploited to cause a denial of service. A low-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes can compromise Oracle VM VirtualBox, resulting in the ability to cause a hang or frequently repeatable crash.

Recommendations

For versions prior to 6.1.28, update to version 6.1.28 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3169
ALT-PU-2021-3170
ALT-PU-2021-3171
ALT-PU-2021-3172
ALT-PU-2021-3173
ALT-PU-2021-3661
ALT-PU-2021-3662
ALT-PU-2021-3663
ALT-PU-2021-3664
ALT-PU-2021-3665
ALT-PU-2023-4088
ALT-PU-2023-4089
ALT-PU-2023-4090
ALT-PU-2023-4664
ALT-PU-2023-4665
ALT-PU-2023-4729
ALT-PU-2023-4730
BDU:2023-05309
CVE-2021-35540
MGASA-2021-0488
OPENSUSE-SU-2021:1393-1
OPENSUSE-SU-2021:1403-1
OPENSUSE-SU-2021_1393-1
OPENSUSE-SU-2021_1403-1

Affected Products

Alt Linux
Virtualbox
Suse