{"id":"MGASA-2025-0002","summary":"Updated virtualbox & kmod-virtualbox packages fix security vulnerabilities","details":"Vulnerabilities were found in the Oracle VM VirtualBox product of Oracle\nVirtualization (component: Core). Supported versions that are affected\nare prior to 7.0.22 and prior to 7.1.2. A difficult to exploit\nvulnerability allows a high privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise an Oracle\nVM VirtualBox. While the vulnerability is in Oracle VM VirtualBox,\nattacks may significantly impact additional products (scope change).\nSuccessful attacks of this vulnerability can result in takeover of\nOracle VirtualBox VMs. CVSS 3.1 Base Score 7.5 (Confidentiality,\nIntegrity and Availability impacts). CVSS Vector:\n(CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).\n","modified":"2026-02-04T04:17:00.390192Z","published":"2025-01-04T21:09:30Z","related":["CVE-2024-21248","CVE-2024-21253","CVE-2024-21259","CVE-2024-21263","CVE-2024-21273"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0002.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33754"},{"type":"REPORT","url":"https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixOVIR"},{"type":"REPORT","url":"https://www.virtualbox.org/wiki/Changelog-7.0#v22"}],"affected":[{"package":{"name":"virtualbox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.22-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0002.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.22-62.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0002.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}