4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.8%
Severity: High
Date : 2021-07-21
CVE-ID : CVE-2021-2409 CVE-2021-2442 CVE-2021-2443 CVE-2021-2454
Package : virtualbox
Type : multiple issues
Remote : No
Link : https://security.archlinux.org/AVG-2187
The package virtualbox before version 6.1.24-1 is vulnerable to
multiple issues including information disclosure, sandbox escape and
denial of service.
Upgrade to 6.1.24-1.
The problems have been fixed upstream in version 6.1.24.
None.
A security issue has been found in Oracle VM VirtualBox before version
6.1.24. An easily exploitable vulnerability allows a high privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox
executes to compromise Oracle VM VirtualBox. Successful attacks of this
vulnerability can result in a takeover of Oracle VM VirtualBox.
A security issue has been found in Oracle VM VirtualBox before version
6.1.24. An easily exploitable vulnerability allows a high privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox
executes to compromise Oracle VM VirtualBox. Successful attacks of this
vulnerability can result in the unauthorized ability to cause a hang or
frequently repeatable crash (complete denial of service) of Oracle VM
VirtualBox.
A security issue has been found in Oracle VM VirtualBox before version
6.1.24. An easily exploitable vulnerability allows a high privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox
executes to compromise Oracle VM VirtualBox. Successful attacks of this
vulnerability can result in the unauthorized ability to cause a hang or
frequently repeatable crash (complete denial of service) of Oracle VM
VirtualBox as well as unauthorized update, insert or delete access to
some of Oracle VM VirtualBox accessible data and unauthorized read
access to a subset of Oracle VM VirtualBox accessible data.
A security issue has been found in Oracle VM VirtualBox before version
6.1.24. A difficult to exploit vulnerability allows a low privileged
attacker with logon to the infrastructure where Oracle VM VirtualBox
executes to compromise Oracle VM VirtualBox. Successful attacks of this
vulnerability can result in a takeover of Oracle VM VirtualBox.
A malicious virtual machine guest could escape its confinement to run
arbitrary code on the host system, disclose or modify sensitive
information, or crash VirtualBox.
https://www.oracle.com/security-alerts/cpujul2021verbose.html#OVIR
https://security.archlinux.org/CVE-2021-2409
https://security.archlinux.org/CVE-2021-2442
https://security.archlinux.org/CVE-2021-2443
https://security.archlinux.org/CVE-2021-2454
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | virtualbox | < 6.1.24-1 | UNKNOWN |
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
15.8%