Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox

A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition.

“Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox,” the advisory reads. “Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of Oracle VM VirtualBox”

Tracked as CVE-2021-2442 (CVSS score: 6.0), the flaw affects all versions of the product prior to 6.1.24. SentinelLabs researcher Max Van Amerongen has been credited with discovering and reporting the issue, following which fixes have been rolled out by Oracle as part of its Critical Patch Update for July 2021.

Oracle VM VirtualBox is an open-source and cross-platform hypervisor and desktop virtualization software that enables users to run multiple guest operating systems such as Windows, Linux distributions, OpenBSD, and Oracle Solaris on a single physical machine.

“Works as both an out-of-bounds read in the host process, as well as an integer underflow. In some instances, it can also be used to remotely DoS other Virtualbox virtual machines,” Van Amerongen noted back in August.

> Got another Virtualbox vuln fixed (CVE-2021-2442)

Works as both an OOB read in the host process, as well as an integer underflow. In some instances, it can also be used to remotely DoS other Virtualbox VMs! pic.twitter.com/Ir9YQgdZQ7
>
> — maxpl0it (@maxpl0it) August 1, 2021

Also discovered by Van Amerongen are two other flaws affecting versions before 6.1.20 and resolved by Oracle in April 2021 —

• CVE-2021-2145 (CVSS score: 7.5): Oracle VirtualBox NAT Integer Underflow Privilege Escalation Vulnerability
• CVE-2021-2310 (CVSS score: 7.5): Oracle VirtualBox NAT Heap-based Buffer Overflow Privilege Escalation Vulnerability (affects , patched in April

Both the aforementioned issues reside within the implementation of NAT that arise from a lack of proper validation of user-supplied data. Successful attacks of the two shortcomings can enable a local adversary to escalate privileges and execute arbitrary code that results in full takeover of a vulnerable Oracle VM VirtualBox.

Given that threat actors are known to move fast to take advantage of the security gap afforded by unpatched vulnerabilities, it’s essential that organizations update their VirtualBox installations to the latest version to mitigate any risk of potential exploitation.

Found this article interesting? Follow THN on Facebook, Twitter  and LinkedIn to read more exclusive content we post.