Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Oracle
  • Vm Virtualbox

Configuration 1 [-]

OR cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
References
Link Resource
https://security.gentoo.org/glsa/202310-07
https://www.oracle.com/security-alerts/cpujan2023.html Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: oracle

Published: 2023-01-17T23:35:27.589Z

Updated: 2023-03-23T23:37:50.184Z

Reserved: 2022-12-17T19:26:00.711Z

Link: CVE-2023-21899

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2023-01-18T00:15:17.253

Modified: 2023-10-08T09:15:11.637

Link: CVE-2023-21899

JSON object: View

cve-icon Redhat Information

No data.

CWE