CVE-2022-39422

CVSS v3.1

7.5

High

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 6.1.38

Description The issue is related to insufficient input validation in the PGMPhysRead() function of the Core component in Oracle VM VirtualBox. This allows a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks can result in the takeover of Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products.

Recommendations For versions prior to 6.1.38, update to version 6.1.38 or later to resolve the issue. As a temporary workaround, consider restricting access to the PGMPhysRead() function until a patch is available.

Fix

Improper Privilege Management

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-20

Related Identifiers

ALT-PU-2022-2541

ALT-PU-2022-2542

ALT-PU-2022-2543

ALT-PU-2022-2544

ALT-PU-2022-2545

ALT-PU-2022-2601

ALT-PU-2022-2602

ALT-PU-2022-2603

ALT-PU-2022-2604

ALT-PU-2022-2605

ALT-PU-2023-4088

ALT-PU-2023-4089

ALT-PU-2023-4090

ALT-PU-2023-4664

ALT-PU-2023-4665

ALT-PU-2023-4729

ALT-PU-2023-4730

BDU:2023-05311

CVE-2022-39422

ZDI-22-1152

Affected Products

Alt Linux

Virtualbox

CVE-2022-39422

Weakness Enumeration

Related Identifiers

Affected Products

References · 16