SB20230418181 - Multiple vulnerabilities in Oracle VM VirtualBox

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20230418181

SB20230418181 - Multiple vulnerabilities in Oracle VM VirtualBox

Published: April 18, 2023 Updated: April 25, 2023

Security Bulletin ID SB20230418181
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 9% Low 91%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2023-21991)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the handling of VGA MMIO. A local privileged user can trigger an out-of-bounds read error and read contents of memory on the system.


2) Improper input validation (CVE-ID: CVE-2023-21999)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to read and manipulate data.


3) Access of Uninitialized Pointer (CVE-ID: CVE-2023-21988)

CWE-ID: CWE-824 - Access of Uninitialized Pointer

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to access to uninitialized memory within the handling of GPA requests. A local privileged user can gain access to sensitive information.


4) Improper input validation (CVE-ID: CVE-2023-22001)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear


The vulnerability allows a local privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to read and manipulate data.


5) Improper input validation (CVE-ID: CVE-2023-22000)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear


The vulnerability allows a local privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to read and manipulate data.


6) Improper input validation (CVE-ID: CVE-2023-21998)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear


The vulnerability allows a local privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to read and manipulate data.


7) Access of Uninitialized Pointer (CVE-ID: CVE-2023-21989)

CWE-ID: CWE-824 - Access of Uninitialized Pointer

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to access to uninitialized memory within the OHCI USB controller. A local privileged user can gain unauthorized access to sensitive information.


8) Improper input validation (CVE-ID: CVE-2023-22002)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.


9) Cleartext transmission of sensitive information (CVE-ID: CVE-2022-42916)

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when parsing URL with IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. A remote attacker can bypass curl's HSTS check and trick it into using unencrypted HTTP protocol.


10) Stack-based buffer overflow (CVE-ID: CVE-2023-21987)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the handling of TPM MMIO. A local privileged user can trigger a stack-based buffer overflow and execute arbitrary code in the context of the hypervisor.


11) Use-after-free (CVE-ID: CVE-2023-21990)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the OHCI USB controller. A local privileged user can trigger a use-after-free error and execute arbitrary code the context of the hypervisor.


Remediation

Install update from vendor's website.

References