Mageia 9: MGASA-2025-0027 critical: Oracle VM VirtualBox partial DOS

mageia
January 27, 2025
MGASA-2025-0027 updates fix serious Oracle VM VirtualBox vulnerabilities affecting specific versions.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)

Summary

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 7.0.24 and prior to 7.1.6. The easily exploitable vulnerability allows a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data, as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L)

References

- https://bugs.mageia.org/show_bug.cgi?id=33952

- https://www.oracle.com/security-alerts/cpujan2025.html#AppendixOVIR

- https://www.cve.org/CVERecord?id=CVE-2025-21571

- https://www.cve.org/CVERecord?id=CVE-2025-21533

Resolution

SRPMS

- 9/core/virtualbox-7.0.24-1.mga9

Severity
critical

Publication date: 27 Jan 2025
URL: https://advisories.mageia.org/MGASA-2025-0027.html
Type: security
CVE: CVE-2025-21571, CVE-2025-21533
