Mageia 8: 2023-0024 Critical Advisory for VirtualBox Compromise
mageia
January 24, 2023
Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox
Summary
Easily exploitable vulnerability allows high privileged attacker with
logon to the infrastructure where Oracle VM VirtualBox executes to
compromise Oracle VM VirtualBox. (CVE-2023-21884)
Unauthenticated attacker with network access via multiple protocols to
compromise Oracle VM VirtualBox.(CVE-2023-21886)
Low privileged attacker with logon to the infrastructure where Oracle VM
VirtualBox executes to compromise Oracle VM VirtualBox (CVE-2023-21889)
For other changes see referenced changelog.
References
- https://bugs.mageia.org/show_bug.cgi?id=31429
- https://www.oracle.com/security-alerts/cpujan2023.html#AppendixOVIR
-
- https://www.cve.org/CVERecord?id=CVE-2023-21884
- https://www.cve.org/CVERecord?id=CVE-2023-21886
- https://www.cve.org/CVERecord?id=CVE-2023-21889
Topics Covered
Resolution
SRPMS
- 8/core/virtualbox-7.0.6-1.mga8
- 8/core/kmod-virtualbox-7.0.6-1.mga8
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 24 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0024.html
Type: security
CVE: CVE-2023-21884,
CVE-2023-21886,
CVE-2023-21889
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!