SUN » Xvm Virtualbox : Security Vulnerabilities, CVEs, CVSS score >= 6

CVE-2009-0876

Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.
Max CVSS
6.9
EPSS Score
0.04%
Published
2009-03-12
Updated
2017-08-17

CVE-2008-3431

Known exploited
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-08-05
Updated
2018-10-11
CISA KEV Added
2022-03-03
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close