All errata/p11/ALT-PU-2025-9918-4
ALT-PU-2025-9918-4

Package update virtualbox in branch p11

Version7.1.12a-alt1
Task#391325
Published2025-08-11
Max severityHIGH
Severity:

Closed issues (14)

BDU:2025-08587
HIGH8.2

Уязвимость виртуального графического адаптера VMSVGA программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

Published: 2025-07-16Modified: 2025-10-07
CVSS 3.xHIGH 8.2
CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
References
BDU:2025-08588
HIGH8.2

Уязвимость виртуального контроллера OHCI USB программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

Published: 2025-07-16Modified: 2025-10-07
CVSS 3.xHIGH 8.2
CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
References
BDU:2025-08589
HIGH8.2

Уязвимость виртуального графического адаптера VMSVGA программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код

Published: 2025-07-16Modified: 2025-10-07
CVSS 3.xHIGH 8.2
CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
References
BDU:2025-08646
MEDIUM6.0

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2025-07-18Modified: 2025-10-07
CVSS 3.xMEDIUM 6.0
CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:N
References
BDU:2025-08708
MEDIUM6.0

Уязвимость модуля LSILogic программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2025-07-21
CVSS 3.xMEDIUM 6.0
CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:N
References
BDU:2025-08874
MEDIUM6.0

Уязвимость модуля BusLogic программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2025-07-23Modified: 2025-10-07
CVSS 3.xMEDIUM 6.0
CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:N
References
BDU:2025-08875
LOW2.3

Уязвимость компонента Core программного средства виртуализации Oracle VM VirtualBox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2025-07-23Modified: 2025-10-07
CVSS 3.xLOW 2.3
CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CVSS 2.0LOW 1.7
CVSS:2.0/AV:L/AC:L/Au:S/C:P/I:N/A:N
References
CVE-2025-53024
HIGH8.2

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Published: 2025-07-15Modified: 2025-07-16
CVSS 3.xHIGH 8.2
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References
CVE-2025-53025
MEDIUM6.0

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Published: 2025-07-15Modified: 2025-07-16
CVSS 3.xMEDIUM 6.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
References
CVE-2025-53026
MEDIUM6.0

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Published: 2025-07-15Modified: 2025-07-16
CVSS 3.xMEDIUM 6.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
References
CVE-2025-53027
HIGH8.2

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Published: 2025-07-15Modified: 2025-07-16
CVSS 3.xHIGH 8.2
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References
CVE-2025-53028
HIGH8.2

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Published: 2025-07-15Modified: 2025-07-16
CVSS 3.xHIGH 8.2
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References
CVE-2025-53029
LOW2.3

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Published: 2025-07-15Modified: 2025-07-16
CVSS 3.xLOW 2.3
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
References
CVE-2025-53030
MEDIUM6.0

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Published: 2025-07-15Modified: 2025-07-16
CVSS 3.xMEDIUM 6.0
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
References