VYPR

xVM VirtualBox

by Sun Corporation

CVEs (2)

  • CVE-2008-3431HigKEVAug 5, 2008
    risk 0.73cvss 8.8epss 0.07

    The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the…

  • CVE-2009-0876Mar 12, 2009
    risk 0.03cvss epss 0.01

    Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.