Category Archives: Advisories

ZDI-24-412: (Pwn2Own) Oracle VirtualBox VirtIOCore Buffer Overflow Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21114.

Read More

ZDI-24-411: (Pwn2Own) Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-21121.

Read More

ZDI-24-410: Oracle VirtualBox vboxdrv Improper Privilege Management Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-21116.

Read More

ZDI-24-409: Oracle VirtualBox Guest Additions Improper Access Control Local Privilege Escalation Vulnerability

Read Time:21 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. In addition, some user interaction is required on the part of a user on the host. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2024-21110.

Read More