Lucene search

K
zdiHuyna of Viettel Cyber SecurityZDI-19-965
HistoryNov 11, 2019 - 12:00 a.m.

Oracle VirtualBox shader_get_registers_used Out-Of-Bounds Write Privilege Escalation Vulnerability

2019-11-1100:00:00
huyna of Viettel Cyber Security
www.zerodayinitiative.com
5

EPSS

0.001

Percentile

32.0%

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the shader_get_registers_used function. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor.