CVE-2022-21491 Vulnerability in Oracle VM VirtualBox product that was affected prior to 6.1.34.

VU# 554420 - VM VirtualBox (multiple issues) (http://www.redhat.com/support/docs/vendor-support/virtualization/virtual-machines-2.html) Red Hat has published a Critical advisory for Oracle VirtualBox. The Red Hat advisory can be found here. VU# 554420 - VM VirtualBox (multiple issues) (CVE-2018-3620) - RCE in libvirt (CVE-2018-3621) - RCE in Hypervisor (CVE-2018-3622) - Information leak in XHC (CVE-2018-3623) - Hypervisor Memory Corruption (CVE-2018-3624) - Information leak in QEMU (CVE-2018-3625) - Hypervisor Memory Corruption (CVE-2018-3626) - Information leak in QEMU (CVE-2018-3627) - Information leak in XHC (CVE-2018-3628) - Information leak in libvirt (CVE-2018-3629) - RCE in libvirt (CVE-2018-3630) - RCE in libvirt (CVE-2018-3631) - Information leak in VirtualBox (CVE-2018-3632) - Information leak in VirtualBox (CVE-2018-3633) - Information leak in VirtualBox (CVE-2018-3634) - Information leak in VirtualBox (CVE-2018-3635) -

Service Interruption and Escalation of the Privilege Required to Exploit

The cumulative impact of the vulnerabilities in this advisory could be a denial of service condition, and if exploiting these vulnerabilities results in a privilege escalation, an attacker may gain complete control of the guest operating system.

Timeline

Published on: 04/19/2022 21:15:00 UTC
Last modified on: 04/28/2022 14:40:00 UTC

References

• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21491