Lucene search
Dungdm(@_piers2) of Viettel Cyber SecurityZDI-23-485HistoryApr 24, 2023 - 12:00 a.m.
(Pwn2Own) Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability
2023-04-2400:00:00
dungdm(@_piers2) of Viettel Cyber Security
www.zerodayinitiative.com
17
oracle virtualbox
usb controller
use-after-free
local privilege escalation
vulnerability
guest system
hypervisor
0.001 Low
EPSS
Percentile
35.3%
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the OHCI USB controller. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor.
Related
nvd
nvd
CVE-2023-21990
2023-04-18 20:15:17
cvelist
cvelist
CVE-2023-21990
2023-04-18 19:54:42
debiancve
debiancve
CVE-2023-21990
2023-04-18 20:15:17
ubuntucve
ubuntucve
CVE-2023-21990
2023-04-18 00:00:00
prion
prion
Buffer overflow
2023-04-18 20:15:00
cve
cve
CVE-2023-21990
2023-04-18 20:15:17
veracode
veracode
Remote Code Execution (RCE)
2023-04-24 03:27:35
mageia
mageia
Updated virtualbox packages fix security vulnerabilities
2023-05-06 21:19:07
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0160)
2023-05-08 00:00:00
Oracle VirtualBox Security Update (Apr 2023) - Mac OS X
2023-04-19 00:00:00
Oracle VirtualBox Security Update (Apr 2023) - Linux
2023-04-19 00:00:00
nessus
nessus
Oracle VM VirtualBox <6.1.44, < 7.0.8 (April 2023 CPU)
2023-04-19 00:00:00
openSUSE 15 Security Update : virtualbox (openSUSE-SU-2023:0166-1)
2023-07-05 00:00:00
kaspersky
kaspersky
KLA48969 Multiple vulnerabilities in Oracle VirtualBox
2023-04-18 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00