CVE-2022-21491 | Vulnerability Database | Aqua Security

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Affected Software

Name	Vendor	Start Version	End Version
Vm_virtualbox	Oracle	*	6.1.34 (excluding)
Virtualbox	Ubuntu	bionic	*
Virtualbox	Ubuntu	impish	*
Virtualbox	Ubuntu	kinetic	*
Virtualbox	Ubuntu	lunar	*
Virtualbox	Ubuntu	mantic	*
Virtualbox	Ubuntu	trusty	*
Virtualbox	Ubuntu	xenial	*
Vm	Ubuntu	bionic	*
Vm	Ubuntu	impish	*
Vm	Ubuntu	kinetic	*
Vm	Ubuntu	lunar	*
Vm	Ubuntu	mantic	*
Vm	Ubuntu	trusty	*
Vm	Ubuntu	xenial	*

References

https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-21491
CWE	https://cwe.mitre.org/data/definitions/.html