[Pkg-virtualbox-devel] Bug#735410: Information on recent VBox CVEs
Matthew Daley
mattd at bugfuzz.com
Sat Feb 8 12:14:08 UTC 2014
Hi,
I've recently released some more detailed information on these CVEs
that can hopefully help out; see
<http://seclists.org/fulldisclosure/2014/Feb/48>.
(In addition, another author has written up
<http://seclists.org/dailydave/2014/q1/21> about CVE-2013-5892.)
In summary:
CVE-2013-5892 = guest root -> host user mode (at minimum) code execution
CVE-2014-0407 = host userspace information leak to guest root
CVE-2014-0405 = guest user mode -> guest kernel mode code execution
(Windows guests with the additions driver (in
virtualbox-guest-additions-iso in non-free) only, as has already been
brought up)
CVE-2014-0406 = DoS (via out-of-bounds read) of host VBox process by guest root
CVE-2014-0404 = DoS (via triggering of incorrect assertion) of host
VBox process by guest root
- Matthew
More information about the Pkg-virtualbox-devel
mailing list