Mageia Advisory: MGASA-2024-0275 - Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Publication date: 29 Jul 2024
Modification date: 29 Jul 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-21141 , CVE-2024-21161 , CVE-2024-21164

Description

Easily exploitable vulnerability allows high privileged attacker with
logon to the infrastructure where Oracle VM VirtualBox executes to
compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
VirtualBox, attacks may significantly impact additional products (scope
change). Successful attacks of this vulnerability can result in takeover
of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality,
Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

References

https://bugs.mageia.org/show_bug.cgi?id=33408
https://www.oracle.com/security-alerts/cpujul2024.html#AppendixOVIR
https://www.virtualbox.org/wiki/Changelog-7.0#v20
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21164

SRPMS

9/core

virtualbox-7.0.20-1.mga9
kmod-virtualbox-7.0.20-51.mga9

Advisories » MGASA-2024-0275

Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Description

References

SRPMS

9/core