CVE-2022-21627 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.

925 CVE-2018-3574 264 2018-04-02 2018-04-17 1.9 None Local Medium Not required Partial Partial None In VirtualBox versions 5.1.26 and earlier, the virtual network interface (VNIC) implementation in the VXLAN networking implementation before version 5.0.6 lacked the limitation of not allowing a VNIC to be bound to a host port above 9001. As a result, if a malicious VXLAN network was created on the same subnet as a VirtualBox host, a remote attacker might be able to compromise the host by binding a malicious VNIC to the host port above 9000. CVSS 3.0 Base Score 5.3. CVSS Vector: Network/ CVSS Vector: Host/ . 926 CVE-2018-3573 254 Bypass 2018-04-02 2018-05-18 1.9 None Local Medium Not required None Partial None VirtualBox versions before 5.1.26, when using Intel VT-x/EPT, did not properly prevent an unprivileged user from loading a kernel module, which could be exploited by guests to bypass kernel integrity checks. CVSS 3.0 Base Score 5.9. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). 927 CVE-2018-35

Overview br

For more information on what the company is doing verify their social media profiles

As per the company's website, Facebook has many benefits to a business. For instance, it can be targeted to a specific demographic or geographic area, or it can be on an easier flow on the internet. With Facebook, you can target your audience by location, age, gender, interests, and more. By targeting your ad to a specific group of people, you'll be spending less money on clicks that don't convert into sales. These ads get better conversion rates because you'll spend less money while still getting better results. You can use pictures in your ad campaigns on Facebook as people respond well to pictures. People are more likely to click through when they see something visually appealing than if they see text only.

The VirtualBox kernel module (VBoxernel)

The VirtualBox kernel module (VBoxernel) exposes an interface on which a guest user can load a kernel module. In VirtualBox versions before 5.1.26, the VBoxernal interface lacked the limitation of not allowing a VNIC to be bound to a host port above 9000. As a result, if a malicious VXLAN network was created on the same subnet as VirtualBox host, a remote attacker might be able to compromise the host by binding a malicious VNIC to the host port above 9000.
CVSS 3.0 Base Score 5.3. CVSS Vector: Network/ CVSS Vector: Host/ .

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References

• https://www.oracle.com/security-alerts/cpuoct2022.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21627