Lucene search

K
zdiHuyna of Viettel Cyber SecurityZDI-19-666
HistoryJul 22, 2019 - 12:00 a.m.

Oracle VirtualBox vertexshader_set_limits Out-Of-Bounds Write Privilege Escalation Vulnerability

2019-07-2200:00:00
huyna of Viettel Cyber Security
www.zerodayinitiative.com
10

EPSS

0.001

Percentile

32.0%

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the shader_get_registers_used function. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor.