PT-2023-3614 · Oracle+1 · Virtualbox+1

Ronald Crane · Published 2023-07-18 · Updated 2023-12-07 · CVE-2023-22017

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Oracle VM VirtualBox versions prior to 6.1.46
Oracle VM VirtualBox versions prior to 7.0.10

Description

The issue is a vulnerability in the Core component of Oracle VM VirtualBox. It can be easily exploited by a low-privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox executes, allowing them to compromise Oracle VM VirtualBox. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of Oracle VM VirtualBox. The vulnerability applies to Windows VMs only.

Recommendations

For Oracle VM VirtualBox versions prior to 6.1.46, update to version 6.1.46 or later.
For Oracle VM VirtualBox versions prior to 7.0.10, update to version 7.0.10 or later.

Fix

Weakness Enumeration

Improper Resource Release

Related Identifiers

ALT-PU-2023-4923
ALT-PU-2023-4924
ALT-PU-2023-4925
ALT-PU-2023-4926
ALT-PU-2023-4927
ALT-PU-2023-4928
ALT-PU-2023-4929
ALT-PU-2023-4930
ALT-PU-2023-4931
ALT-PU-2023-4932
ALT-PU-2023-5232
ALT-PU-2023-5233
ALT-PU-2023-5234
ALT-PU-2023-5235
ALT-PU-2023-5236
ALT-PU-2023-7554
ALT-PU-2023-7555
ALT-PU-2023-7556
ALT-PU-2023-7557
ALT-PU-2023-7558
BDU:2023-03898
CVE-2023-22017

Affected Products

Alt Linux
Virtualbox