{"id":"MGASA-2023-0160","summary":"Updated virtualbox packages fix security vulnerabilities","details":"This update provides the upstream 7.0.8 maintenance release that\nfixes at least the following security vulnerabilities:\n\nVulnerability in the Oracle VM VirtualBox prior to 7.0.8. A difficult to\nexploit vulnerability allows low privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise Oracle VM\nVirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may\nsignificantly impact additional products (scope change). Successful attacks\nof this vulnerability can result in takeover of Oracle VM VirtualBox.\n(CVE-2023-21987, CVE-2023-21988).\n\nVulnerability in the Oracle VM VirtualBox prior to 7.0.8. An easily\nexploitable vulnerability allows high privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise Oracle VM\nVirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may\nsignificantly impact additional products (scope change). Successful attacks\nof this vulnerability can result in unauthorized access to critical data or\ncomplete access to all Oracle VM VirtualBox accessible data.\n(CVE-2023-21989).\n\nVulnerability in the Oracle VM VirtualBox prior to 7.0.8. An easily\nexploitable vulnerability allows high privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise Oracle VM\nVirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may\nsignificantly impact additional products (scope change). Successful attacks\nof this vulnerability can result in takeover of Oracle VM VirtualBox.\n(CVE-2023-21990).\n\nVulnerability in the Oracle VM VirtualBox prior to 7.0.8. An easily\nexploitable vulnerability allows high privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise Oracle VM\nVirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks\nmay significantly impact additional products (scope change). Successful\nattacks of this vulnerability can result in unauthorized read access to a\nsubset of Oracle VM VirtualBox accessible data (CVE-2023-21991).\n\nVulnerability in the Oracle VM VirtualBox prior to 7.0.8. A difficult to\nexploit vulnerability allows low privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise Oracle\nVM VirtualBox. Successful attacks of this vulnerability can result in\nunauthorized update, insert or delete access to some of Oracle VM\nVirtualBox accessible data as well as unauthorized read access to a\nsubset of Oracle VM VirtualBox accessible data (CVE-2023-21999).\n\nVulnerability in the Oracle VM VirtualBox prior to 7.0.8. An easily\nexploitable vulnerability allows high privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise Oracle VM\nVirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may\nsignificantly impact additional products (scope change). Successful attacks\nof this vulnerability can result in unauthorized update, insert or delete\naccess to some of Oracle VM VirtualBox accessible data as well as\nunauthorized read access to a subset of Oracle VM VirtualBox accessible\ndata (CVE-2023-22000, CVE-2023-22001).\n\nVulnerability in the Oracle VM VirtualBox prior to 7.0.8. An easily\nexploitable vulnerability allows high privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise Oracle VM\nVirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may\nsignificantly impact additional products (scope change). Successful attacks\nof this vulnerability can result in unauthorized access to critical data or\ncomplete access to all Oracle VM VirtualBox accessible data\n(CVE-2023-22002).\n\nFor other fixes in  this update, see the referenced changelog.\n","modified":"2026-02-04T03:07:08.604328Z","published":"2023-05-06T18:19:07Z","related":["CVE-2023-21987","CVE-2023-21988","CVE-2023-21989","CVE-2023-21990","CVE-2023-21991","CVE-2023-21999","CVE-2023-22000","CVE-2023-22001","CVE-2023-22002"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0160.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31813"},{"type":"REPORT","url":"https://www.virtualbox.org/wiki/Changelog-7.0#v8"},{"type":"REPORT","url":"https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixOVIR"}],"affected":[{"package":{"name":"virtualbox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.8-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0160.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.8-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0160.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}