Upstream information
CVE-2021-25319 at MITRE
Description
A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
CVSS v2 Scores
| CVSS detail | National Vulnerability Database |
|---|
| Base Score | 7.2 |
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
CVSS v3 Scores
| CVSS detail | National Vulnerability Database |
|---|
| Base Score | 7.8 |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Bugzilla entry:
1182918 [RESOLVED / FIXED]
No SUSE Security Announcements cross referenced.
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
| openSUSE Leap 15.2 | python3-virtualbox >= 6.1.22-lp152.2.24.2virtualbox >= 6.1.22-lp152.2.24.2virtualbox-devel >= 6.1.22-lp152.2.24.2virtualbox-guest-desktop-icons >= 6.1.22-lp152.2.24.2virtualbox-guest-source >= 6.1.22-lp152.2.24.2virtualbox-guest-tools >= 6.1.22-lp152.2.24.2virtualbox-guest-x11 >= 6.1.22-lp152.2.24.2virtualbox-host-source >= 6.1.22-lp152.2.24.2virtualbox-kmp-default >= 6.1.22_k5.3.18_lp152.75-lp152.2.24.2virtualbox-kmp-preempt >= 6.1.22_k5.3.18_lp152.75-lp152.2.24.2virtualbox-qt >= 6.1.22-lp152.2.24.2virtualbox-vnc >= 6.1.22-lp152.2.24.2virtualbox-websrv >= 6.1.22-lp152.2.24.2
| Patchnames:
openSUSE-2021-723 |
| openSUSE Leap 15.3 | python3-virtualbox >= 6.1.22-lp153.2.3.2virtualbox >= 6.1.22-lp153.2.3.2virtualbox-devel >= 6.1.22-lp153.2.3.2virtualbox-guest-desktop-icons >= 6.1.22-lp153.2.3.2virtualbox-guest-source >= 6.1.22-lp153.2.3.2virtualbox-guest-tools >= 6.1.22-lp153.2.3.2virtualbox-guest-x11 >= 6.1.22-lp153.2.3.2virtualbox-host-source >= 6.1.22-lp153.2.3.2virtualbox-kmp-default >= 6.1.22_k5.3.18_59.5-lp153.2.3.2virtualbox-kmp-preempt >= 6.1.22_k5.3.18_59.5-lp153.2.3.2virtualbox-qt >= 6.1.22-lp153.2.3.2virtualbox-vnc >= 6.1.22-lp153.2.3.2virtualbox-websrv >= 6.1.22-lp153.2.3.2
| Patchnames:
openSUSE-2021-977 |
SUSE Timeline for this CVE
CVE page created: Wed Mar 3 12:29:14 2021
CVE page last modified: Mon Oct 6 19:29:35 2025
