CVE-2024-21253

CVSS v3.1

2.3

Low

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 7.0.22

Description The issue is related to errors in resource release due to insufficient input validation in the Core component of Oracle VM VirtualBox. Exploitation of this issue can allow an attacker to cause a partial denial of service. The vulnerability can be easily exploited by a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes, potentially resulting in unauthorized ability to cause a partial denial of service of Oracle VM VirtualBox.

Recommendations For versions prior to 7.0.22, update to version 7.0.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

Fix

DoS

RCE

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-404

Related Identifiers

ALT-PU-2024-17317

ALT-PU-2025-12585

ALT-PU-2025-12587

ALT-PU-2025-12588

ALT-PU-2025-12589

ALT-PU-2025-12590

BDU:2024-08505

CVE-2024-21253

MGASA-2025-0002

Affected Products

Alt Linux

Virtualbox

Red Os

CVE-2024-21253

Weakness Enumeration

Related Identifiers

Affected Products

References · 20