Oracle VM VirtualBox Core Component Vulnerability Allowing Data Compromise and Partial Denial-of-Service

Vulnerability

A vulnerability has been identified in the Oracle VM VirtualBox product, specifically in the Core component. This issue affects Oracle VM VirtualBox versions 7.1.14 and 7.2.4. The vulnerability is easily exploitable and allows a high-privileged attacker with access to the infrastructure where Oracle VM VirtualBox is running to compromise the application. While the vulnerability resides within Oracle VM VirtualBox, successful exploitation could significantly impact other products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all data accessible by Oracle VM VirtualBox. Additionally, it could allow an attacker to cause a partial denial-of-service on Oracle VM VirtualBox.

Impact

Successful exploitation could lead to unauthorized changes to critical data or to all data accessible through Oracle VM VirtualBox. It could also give the attacker unauthorized access to critical data, or complete access to all data accessible through Oracle VM VirtualBox. The attacker could additionally cause a partial denial-of-service on Oracle VM VirtualBox.

Added: Jan 20, 2026, 10:21 PM
Updated: Jan 20, 2026, 10:21 PM

Vulnerability Rating

Custom Algorithm
Spread: 7.8
Impact: 5.6
Exploitability: 2.8
Remediation: 0.0
Relevance: 2.1
Threat: 0.0
Urgency: 2.9
Incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.