Описание
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
Ссылки
- Broken LinkVendor Advisory
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Product
- ExploitThird Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkExploitThird Party AdvisoryVDB Entry
- Broken Link
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Broken LinkVendor Advisory
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Product
- ExploitThird Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkExploitThird Party AdvisoryVDB Entry
- Broken Link
Уязвимые конфигурации
EPSS
8.8 High
CVSS3
7.2 High
CVSS2
Дефекты
Связанные уязвимости
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualB ...
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
EPSS
8.8 High
CVSS3
7.2 High
CVSS2