{"id":"MGASA-2025-0027","summary":"Updated virtualbox, kmod-virtualbox packages fix security vulnerabilities","details":"Vulnerability in the Oracle VM VirtualBox product of Oracle\nVirtualization (component: Core). Supported versions that are affected\nare Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability\nallows high privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While\nthe vulnerability is in Oracle VM VirtualBox, attacks may significantly\nimpact additional products (scope change). Successful attacks of this\nvulnerability can result in unauthorized creation, deletion or\nmodification access to critical data or all Oracle VM VirtualBox\naccessible data as well as unauthorized read access to a subset of\nOracle VM VirtualBox accessible data and unauthorized ability to cause a\npartial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS\n3.1 Base Score 7.3 (Confidentiality, Integrity and Availability\nimpacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L)\n","modified":"2026-02-04T02:28:55.572100Z","published":"2025-01-27T20:20:06Z","related":["CVE-2025-21533","CVE-2025-21571"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0027.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33952"},{"type":"REPORT","url":"https://www.oracle.com/security-alerts/cpujan2025.html#AppendixOVIR"},{"type":"REPORT","url":"https://www.virtualbox.org/wiki/Changelog-7.0#v24"}],"affected":[{"package":{"name":"virtualbox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.24-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0027.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.24-63.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0027.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}