SUN » Xvm Virtualbox : Security Vulnerabilities, CVEs, CVSS score >= 6
Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.
Max CVSS: 6.9
EPSS Score: 0.04%
Published: 2009-03-12
Updated: 2017-08-17

CVE-2008-3431
Known exploited
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
Max CVSS: 7.2
EPSS Score: 0.04%
Published: 2008-08-05
Updated: 2018-10-11
CISA KEV Added: 2022-03-03

2 vulnerabilities found