SB2021042929 - Arch Linux update for virtualbox

Main Vulnerability Database SB2021042929

SB2021042929 - Arch Linux update for virtualbox

Published: April 29, 2021

Security Bulletin ID SB2021042929

Severity

High

Patch available

YES

Number of vulnerabilities 19

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 19 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2021-2145)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

2) Improper input validation (CVE-ID: CVE-2021-2250)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

3) Improper input validation (CVE-ID: CVE-2021-2266)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

4) Improper input validation (CVE-ID: CVE-2021-2279)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

5) Improper input validation (CVE-ID: CVE-2021-2280)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

6) Improper input validation (CVE-ID: CVE-2021-2281)

The vulnerability allows a local non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to manipulate data.

7) Improper input validation (CVE-ID: CVE-2021-2282)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

8) Improper input validation (CVE-ID: CVE-2021-2283)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

9) Improper input validation (CVE-ID: CVE-2021-2284)

The vulnerability allows a local non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to manipulate data.

10) Improper input validation (CVE-ID: CVE-2021-2285)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

11) Improper input validation (CVE-ID: CVE-2021-2286)

The vulnerability allows a local non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to manipulate data.

12) Improper input validation (CVE-ID: CVE-2021-2287)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

13) Improper input validation (CVE-ID: CVE-2021-2291)

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.

14) Improper input validation (CVE-ID: CVE-2021-2296)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

15) Improper input validation (CVE-ID: CVE-2021-2297)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

16) Improper input validation (CVE-ID: CVE-2021-2306)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

17) Improper input validation (CVE-ID: CVE-2021-2309)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

18) Improper input validation (CVE-ID: CVE-2021-2310)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

19) Improper input validation (CVE-ID: CVE-2021-2321)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

Remediation

Install update from vendor's website.

References

https://security.archlinux.org/advisory/ASA-202104-9