SUN » Xvm Virtualbox » 1.5.2 : Security Vulnerabilities, CVEs,
CVE-2008-3431
Known exploited
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-08-05
Updated
2018-10-11
CISA KEV Added
2022-03-03
1 vulnerabilities found