PT-2024-5832 · Oracle+2 · Virtualbox+2

Khang Phan · Published 2024-07-16 · Updated 2025-10-10 · CVE-2024-21141

CVSS v3.1: 8.2 (High)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Oracle VM VirtualBox versions prior to 7.0.20

Description

The issue allows a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks can result in takeover of Oracle VM VirtualBox.

Recommendations

For versions prior to 7.0.20, update to version 7.0.20 or later to resolve the issue. At the moment, there is no information about additional mitigation measures.

Fix

Improper Access Control

Improper Privilege Management

Weakness Enumeration

Related Identifiers

ALT-PU-2024-14700
ALT-PU-2024-14702
ALT-PU-2024-14703
ALT-PU-2024-15438
ALT-PU-2024-15440
ALT-PU-2024-15441
ALT-PU-2024-15442
ALT-PU-2024-15443
ALT-PU-2024-15782
ALT-PU-2024-15784
ALT-PU-2025-12585
ALT-PU-2025-12587
ALT-PU-2025-12588
ALT-PU-2025-12589
ALT-PU-2025-12590
BDU:2024-06577
CVE-2024-21141
MGASA-2024-0275

Affected Products

Alt Linux
Virtualbox
Red Os