Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Mageia Advisory 2022-0038: Critical Oracle VM VirtualBox Access Risk

mageia
Calendar Grey January 26, 2022
Dist Mageia Esm H88
Recent updates to VirtualBox in Mageia resolve a vulnerability that posed risks of unauthorized data access.
Updated virtualbox packages fix security vulnerability: Vulnerability in the Oracle VM VirtualBoxp rior to 6.1.32 contains an easily exploitable vulnerability allows low privileg...

Summary

Updated virtualbox packages fix security vulnerability:
Vulnerability in the Oracle VM VirtualBoxp rior to 6.1.32 contains an easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data (CVE-2022-21295).
For other fixes in this update, see the referenced changelog.

References

- https://bugs.mageia.org/show_bug.cgi?id=29918

- https://www.oracle.com/security-alerts/cpujan2022.html#AppendixOVIR

-

- https://www.cve.org/CVERecord?id=CVE-2022-21295

Resolution

SRPMS

- 8/core/virtualbox-6.1.32-1.mga8

- 8/core/kmod-virtualbox-6.1.32-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 26 Jan 2022
URL: https://advisories.mageia.org/MGASA-2022-0038.html
Type: security
CVE: CVE-2022-21295

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here