{"id":"MGASA-2023-0024","summary":"Updated virtualbox packages fix security vulnerability","details":"Easily exploitable vulnerability allows high privileged attacker with\nlogon to the infrastructure where Oracle VM VirtualBox executes to\ncompromise Oracle VM VirtualBox. (CVE-2023-21884)\n\nUnauthenticated attacker with network access via multiple protocols to\ncompromise Oracle VM VirtualBox.(CVE-2023-21886)\n\nLow privileged attacker with logon to the infrastructure where Oracle VM\nVirtualBox executes to compromise Oracle VM VirtualBox (CVE-2023-21889)\n\nFor other changes see referenced changelog.\n","modified":"2026-04-16T04:42:57.659706587Z","published":"2023-01-24T07:58:25Z","upstream":["CVE-2023-21884","CVE-2023-21886","CVE-2023-21889"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0024.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31429"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujan2023.html#AppendixOVIR"},{"type":"WEB","url":"https://www.virtualbox.org/wiki/Changelog-7.0#v6"}],"affected":[{"package":{"name":"virtualbox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.6-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0024.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.6-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0024.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}