PT-2024-3270 · Oracle · VirtualBox

Published 2024-03-27 · Updated 2024-12-05 · CVE-2024-21116

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox, versions prior to 7.0.16
Description: The issue is caused by improper privilege management in Oracle VM VirtualBox. A low-privileged attacker who already has logon access to the infrastructure where VirtualBox runs can exploit it to compromise the VirtualBox installation; successful exploitation results in a complete takeover of Oracle VM VirtualBox. The CVSS vector reflects this: local access (AV:L) with low privileges (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity and availability. This vulnerability applies to Linux hosts only.
Recommendations: To resolve the issue, update Oracle VM VirtualBox to version 7.0.16 or later. Until the update is applied, a temporary mitigation is to limit who can log on to Linux hosts running VirtualBox, since the attack requires a local account, even an unprivileged one, on the host. Because no elevated privileges or user interaction are needed, apply the update as soon as possible to minimize the risk of exploitation.
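A fleet check for the "update to 7.0.16 or later" recommendation, as an added example that is not part of the advisory: it normalizes the `VBoxManage --version` string on a Linux host and compares it numerically against the fixed version. The fixed version 7.0.16 and the CVE number come from the advisory; everything else (the version-string formats such as `7.0.14r161095` or `7.0.16_Ubuntur162802`, the function names and the exit-status convention) is this example's own assumption.

```shell
#!/bin/sh
# Added example (not from the advisory): flag Linux hosts whose installed
# Oracle VM VirtualBox is older than 7.0.16, the first release fixing
# CVE-2024-21116. Exit status 0 = vulnerable, 1 = not vulnerable, 2 = unknown.

FIXED_VERSION="7.0.16"   # first fixed release per the advisory

# Reduce raw "VBoxManage --version" output (assumed formats: "7.0.14r161095",
# "7.0.16_Ubuntur162802") to a bare dotted version such as "7.0.14".
# Prints an empty string if the input does not start with digits.
vbox_normalize_version() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*$//'
}

# Numeric, component-by-component comparison of two dotted versions.
# Returns 0 if $1 < $2, 1 otherwise; missing components count as 0,
# so "7" is treated as "7.0.0".
version_lt() {
    vl_a="$1"; vl_b="$2"
    while [ -n "$vl_a" ] || [ -n "$vl_b" ]; do
        vl_x=${vl_a%%.*}; vl_y=${vl_b%%.*}
        vl_x=${vl_x:-0};  vl_y=${vl_y:-0}
        if [ "$vl_x" -lt "$vl_y" ]; then return 0; fi
        if [ "$vl_x" -gt "$vl_y" ]; then return 1; fi
        # drop the leading component, or empty the string after the last one
        case $vl_a in *.*) vl_a=${vl_a#*.} ;; *) vl_a="" ;; esac
        case $vl_b in *.*) vl_b=${vl_b#*.} ;; *) vl_b="" ;; esac
    done
    return 1
}

# Returns 0 if the raw version string denotes a build older than 7.0.16,
# 1 if it is 7.0.16 or later, 2 if the string cannot be parsed.
vbox_is_vulnerable() {
    viv_v=$(vbox_normalize_version "$1")
    if [ -z "$viv_v" ]; then
        echo "unrecognized VirtualBox version string: '$1'" >&2
        return 2
    fi
    version_lt "$viv_v" "$FIXED_VERSION"
}

# Inventory check for the host this runs on. Reports and returns 1 when the
# installed VirtualBox is affected, 0 when it is fixed or not installed,
# 2 when the version could not be read.
vbox_check_host() {
    if ! command -v VBoxManage >/dev/null 2>&1; then
        echo "VirtualBox (VBoxManage) not found on this host"
        return 0
    fi
    vch_raw=$(VBoxManage --version 2>/dev/null)
    vch_rc=0
    vbox_is_vulnerable "$vch_raw" || vch_rc=$?
    case $vch_rc in
        0) echo "VULNERABLE: VirtualBox $vch_raw is older than $FIXED_VERSION (CVE-2024-21116)"; return 1 ;;
        1) echo "OK: VirtualBox $vch_raw is $FIXED_VERSION or later"; return 0 ;;
        *) echo "could not determine VirtualBox version from: '$vch_raw'"; return 2 ;;
    esac
}

# Run the host check; VBOX_STATUS carries the result for callers that source this file.
VBOX_STATUS=0
vbox_check_host || VBOX_STATUS=$?
```

The script only inspects the VirtualBox package on the host it runs on, which is where the advisory places the attack surface (Linux hosts); run it through your configuration-management or SSH fan-out tooling to cover a fleet. The comparison is numeric rather than lexical so that a future 7.0.100 or 7.1.0 is not misread as older than 7.0.16.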

Weakness Enumeration

Improper Privilege Management
Incorrect Default Permissions

Related Identifiers

BDU:2024-03501
CVE-2024-21116
MGASA-2024-0232
ZDI-24-410

Affected Products

VirtualBox
RED OS