CVE Vulnerabilities

CVE-2008-3431

Published: Aug 05, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the .VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.

Affected Software

Name Vendor Start Version End Version
Xvm_virtualbox Sun 1.3.2 1.3.2
Xvm_virtualbox Sun 1.3.4 1.3.4
Xvm_virtualbox Sun 1.3.6 1.3.6
Xvm_virtualbox Sun 1.3.8 1.3.8
Xvm_virtualbox Sun 1.4.0 1.4.0
Xvm_virtualbox Sun 1.5.0 1.5.0
Xvm_virtualbox Sun 1.5.2 1.5.2
Xvm_virtualbox Sun 1.5.4 1.5.4
Xvm_virtualbox Sun 1.5.6 1.5.6
Xvm_virtualbox Sun 1.6.0 1.6.0
Xvm_virtualbox Sun * 1.6.2

References