{"id":"MGASA-2021-0385","summary":"Updated virtualbox packages fix security vulnerability","details":"This update provides the upstream 6.1.24 maintenance release that fixes\nat least the following security vulnerabilities:\n\nAn easily exploitable vulnerability in the Oracle VM VirtualBox (component:\nCore) prior to 6.1.24 allows high privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise Oracle VM\nVirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may\nsignificantly impact additional products. Successful attacks of this\nvulnerability can result in takeover of Oracle VM VirtualBox (CVE-2021-2409).\n\nAn easily exploitable vulnerability in the Oracle VM VirtualBox (component:\nCore) prior to 6.1.24 allows high privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise Oracle VM\nVirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may\nsignificantly impact additional products. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of Oracle VM VirtualBox\n(CVE-2021-2442).\n\nAn easily exploitable vulnerability in the Oracle VM VirtualBox (component:\nCore) prior to 6.1.24 allows high privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise Oracle VM\nVirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may\nsignificantly impact additional products. Successful attacks of this\nvulnerability can result in unauthorized ability to cause a hang or\nfrequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well\nas unauthorized update, insert or delete access to some of Oracle VM\nVirtualBox accessible data and unauthorized read access to a subset of\nOracle VM VirtualBox accessible data (CVE-2021-2443).\n\nA difficult to exploit vulnerability in the Oracle VM VirtualBox (component:\nCore) prior to 6.1.24 allows low privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise Oracle VM\nVirtualBox. Successful attacks of this vulnerability can result in takeover\nof Oracle VM VirtualBox (CVE-2021-2454).\n\nFor other upstream fixes in this update, see the referenced changelog.\n","modified":"2026-04-16T04:42:34.517371732Z","published":"2021-07-27T20:21:53Z","upstream":["CVE-2021-2409","CVE-2021-2442","CVE-2021-2443","CVE-2021-2454"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0385.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29279"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2021.html#AppendixOVIR"},{"type":"WEB","url":"https://www.virtualbox.org/wiki/Changelog-6.1#v24"}],"affected":[{"package":{"name":"virtualbox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.24-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0385.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.24-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0385.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}