PT-2024-5868 · Oracle+2 · Virtualbox+2

Faith

Published

2024-07-16

Updated

2025-10-10

CVE-2024-21164

CVSS v3.1

2.5

Low

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 7.0.20

Description A difficult to exploit vulnerability in Oracle VM VirtualBox allows a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data.

Recommendations For versions prior to 7.0.20, update to version 7.0.20 or later to resolve the issue. At the moment, there is no information about additional mitigation measures.

Fix

Out of bounds Read

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-200

Related Identifiers

ALT-PU-2024-14700

ALT-PU-2024-14702

ALT-PU-2024-14703

ALT-PU-2024-15438

ALT-PU-2024-15440

ALT-PU-2024-15441

ALT-PU-2024-15442

ALT-PU-2024-15443

ALT-PU-2024-15782

ALT-PU-2024-15784

ALT-PU-2025-12585

ALT-PU-2025-12587

ALT-PU-2025-12588

ALT-PU-2025-12589

ALT-PU-2025-12590

BDU:2024-06650

CVE-2024-21164

MGASA-2024-0275

ZDI-24-1034

Affected Products

Alt Linux

Virtualbox

Red Os

PT-2024-5868 · Oracle+2 · Virtualbox+2

CVE-2024-21164

Weakness Enumeration

Related Identifiers

Affected Products

References · 19