PT-2022-4001 · Oracle+2 · Virtualbox+2

Kun Yang +1 · Published 2022-07-19 · Updated 2023-08-07 · CVE-2022-21554

CVSS v2.0: 4.6 Medium

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Oracle VM VirtualBox versions prior to 6.1.36

Description

The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox. This can be exploited by a high-privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox is executed, potentially allowing them to cause a hang or frequently repeatable crash of Oracle VM VirtualBox, resulting in a denial of service.

Recommendations

For versions prior to 6.1.36, update to version 6.1.36 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2296
ALT-PU-2022-2297
ALT-PU-2022-2298
ALT-PU-2022-2299
ALT-PU-2022-2300
ALT-PU-2022-2329
ALT-PU-2022-2330
ALT-PU-2022-2331
ALT-PU-2022-2332
ALT-PU-2022-2333
ALT-PU-2023-4088
ALT-PU-2023-4089
ALT-PU-2023-4090
ALT-PU-2023-4664
ALT-PU-2023-4665
ALT-PU-2023-4729
ALT-PU-2023-4730
BDU:2022-04834
CVE-2022-21554
MGASA-2022-0265
OPENSUSE-SU-2022:10067-1
OPENSUSE-SU-2022:10122-1
OPENSUSE-SU-2022:10129-1
OPENSUSE-SU-2022:10152-1
OPENSUSE-SU-2022_10067-1
OPENSUSE-SU-2022_10122-1
OPENSUSE-SU-2022_10129-1
OPENSUSE-SU-2022_10152-1

Affected Products

Alt Linux
Virtualbox
Suse