CVE-2024-21111

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 7.0.16

Description The issue is related to errors in processing input data in the Core component of Oracle VM VirtualBox. This can be exploited by an attacker to elevate privileges or execute arbitrary code by manipulating log files. The vulnerability applies to Windows hosts only and can result in the takeover of Oracle VM VirtualBox. Successful attacks can compromise the confidentiality, integrity, and availability of the system.

Recommendations For Oracle VM VirtualBox versions prior to 7.0.16, update to version 7.0.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component or limiting the ability to manipulate log files in the C:ProgramDataVirtualBox directory to minimize the risk of exploitation.