Mageia: 2020-0466 Moderate: VirtualBox High-Priority Code Threats

mageia

December 21, 2020

Vulnerabilities in the Oracle VM VirtualBox are fixed in version 6.1.16

Summary

Vulnerabilities in the Oracle VM VirtualBox are fixed in version 6.1.16.
An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability which can lead to execute code in the context of the hypervisor. (CVE-2020-14872).
An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the shader_generate_main function. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the hypervisor. (CVE-2020-14881).
An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the shader_record_register_usage functio...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=27479

- https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixOVIR

- https://www.virtualbox.org/wiki/Changelog-6.1#v16

- https://www.cve.org/CVERecord?id=CVE-2020-14872

- https://www.cve.org/CVERecord?id=CVE-2020-14881

- https://www.cve.org/CVERecord?id=CVE-2020-14884

- https://www.cve.org/CVERecord?id=CVE-2020-14885

- https://www.cve.org/CVERecord?id=CVE-2020-14886

- https://www.cve.org/CVERecord?id=CVE-2020-14889

- https://www.cve.org/CVERecord?id=CVE-2020-14892

Topics Covered

security advisory buffer overflow software update code execution DoS threat threat mitigation Mageia Oracle VM VirtualBox high-privilege access high-privileged access

Resolution

SRPMS

- 7/core/kmod-virtualbox-6.1.16-4.mga7

- 7/core/virtualbox-6.1.16-4.mga7

Severity

important

Lowest

Low

Medium

High

Critical

Publication date: 21 Dec 2020

URL: https://advisories.mageia.org/MGASA-2020-0466.html

Type: security

CVE: CVE-2020-14872, CVE-2020-14881, CVE-2020-14884, CVE-2020-14885, CVE-2020-14886, CVE-2020-14889, CVE-2020-14892

Topics Covered

security advisory buffer overflow software update code execution DoS threat threat mitigation Mageia Oracle VM VirtualBox high-privilege access high-privileged access

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia: 2020-0466 Moderate: VirtualBox High-Priority Code Threats

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Mageia: 2020-0466 Moderate: VirtualBox High-Priority Code Threats

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!