|
|
Subscribe / Log in / New account

Mageia alert MGASA-2024-0275 (virtualbox)



From:
              Mageia Updates <buildsystem-daemon@mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2024-0275: Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities


Date:
              Mon, 29 Jul 2024 20:27:02 +0200


Message-ID:
              <20240729182702.73FD7A0D3A@duvel.mageia.org>


Archive-link:
              Article


MGASA-2024-0275 - Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities

Publication date: 29 Jul 2024
URL: https://advisories.mageia.org/MGASA-2024-0275.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-21141,
     CVE-2024-21161,
     CVE-2024-21164

Description:
Easily exploitable vulnerability allows high privileged attacker with
logon to the infrastructure where Oracle VM VirtualBox executes to
compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
VirtualBox, attacks may significantly impact additional products (scope
change). Successful attacks of this vulnerability can result in takeover
of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality,
Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

References:
- https://bugs.mageia.org/show_bug.cgi?id=33408
- https://www.oracle.com/security-alerts/cpujul2024.html#Ap...
- https://www.virtualbox.org/wiki/Changelog-7.0#v20
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2...

SRPMS:
- 9/core/virtualbox-7.0.20-1.mga9
- 9/core/kmod-virtualbox-7.0.20-51.mga9
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds