Updated virtualbox, kmod-virtualbox packages fix security vulnerabilities
Publication date: 27 Jan 2025Modification date: 28 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-21571 , CVE-2025-21533
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualization (component: Core). Supported versions that are affected
are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability
allows high privileged attacker with logon to the infrastructure where
Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While
the vulnerability is in Oracle VM VirtualBox, attacks may significantly
impact additional products (scope change). Successful attacks of this
vulnerability can result in unauthorized creation, deletion or
modification access to critical data or all Oracle VM VirtualBox
accessible data as well as unauthorized read access to a subset of
Oracle VM VirtualBox accessible data and unauthorized ability to cause a
partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS
3.1 Base Score 7.3 (Confidentiality, Integrity and Availability
impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L)
References
SRPMS
9/core
- virtualbox-7.0.24-1.mga9
- kmod-virtualbox-7.0.24-63.mga9