CVE-2022-21571 Affecting virtualbox-guest-additions package, versions <6.1.36-r0


Severity

Recommended
0.0
high
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ALPINE321-VIRTUALBOXGUESTADDITIONS-8489967
  • published6 Dec 2024
  • disclosed19 Jul 2022

Introduced: 19 Jul 2022

CVE-2022-21571  (opens in a new tab)

How to fix?

Upgrade Alpine:3.21 virtualbox-guest-additions to version 6.1.36-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream virtualbox-guest-additions package and not the virtualbox-guest-additions package as distributed by Alpine. See How to fix? for Alpine:3.21 relevant fixed versions and status.

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.36. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

CVSS Scores

version 3.1