CVE-2024-21248 Common Vulnerabilities and Exposures | SUSE

Upstream information

CVE-2024-21248 at MITRE

Description

Upstream Security Advisories:

https://www.zerodayinitiative.com/advisories/ZDI-24-1412/

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v3 Scores
CVSS detail	CNA (Oracle)
Base Score	5.3
Vector	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Attack Vector	Local
Attack Complexity	High
Privileges Required	Low
User Interaction	None
Scope	Changed
Confidentiality Impact	Low
Integrity Impact	Low
Availability Impact	Low
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1231735 [NEW]

SUSE Security Advisories:

openSUSE-SU-2024:0364-1, published Sun Nov 10 16:54:11 2024
openSUSE-SU-2024:14413-1, published Sat Oct 19 18:49:13 2024

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 15 SP6	`kbuild >= 0.1.9998+svn3613-bp156.2.3.1` `python3-virtualbox >= 7.1.4-lp156.2.4.1` `virtualbox >= 7.1.4-lp156.2.4.1` `virtualbox-devel >= 7.1.4-lp156.2.4.1` `virtualbox-guest-desktop-icons >= 7.1.4-lp156.2.4.1` `virtualbox-guest-source >= 7.1.4-lp156.2.4.1` `virtualbox-guest-tools >= 7.1.4-lp156.2.4.1` `virtualbox-host-source >= 7.1.4-lp156.2.4.1` `virtualbox-kmp-default >= 7.1.4_k6.4.0_150600.23.25-lp156.2.4.1` `virtualbox-qt >= 7.1.4-lp156.2.4.1` `virtualbox-vnc >= 7.1.4-lp156.2.4.1` `virtualbox-websrv >= 7.1.4-lp156.2.4.1`	Patchnames: openSUSE-2024-364
openSUSE Leap 15.6	`kbuild >= 0.1.9998+svn3613-bp156.2.3.1` `python3-virtualbox >= 7.1.4-lp156.2.4.1` `virtualbox >= 7.1.4-lp156.2.4.1` `virtualbox-devel >= 7.1.4-lp156.2.4.1` `virtualbox-guest-desktop-icons >= 7.1.4-lp156.2.4.1` `virtualbox-guest-source >= 7.1.4-lp156.2.4.1` `virtualbox-guest-tools >= 7.1.4-lp156.2.4.1` `virtualbox-host-source >= 7.1.4-lp156.2.4.1` `virtualbox-kmp-default >= 7.1.4_k6.4.0_150600.23.25-lp156.2.4.1` `virtualbox-qt >= 7.1.4-lp156.2.4.1` `virtualbox-vnc >= 7.1.4-lp156.2.4.1` `virtualbox-websrv >= 7.1.4-lp156.2.4.1`	Patchnames: openSUSE-2024-364
openSUSE Tumbleweed	`python3-virtualbox >= 7.1.4-1.1` `virtualbox >= 7.1.4-1.1` `virtualbox-devel >= 7.1.4-1.1` `virtualbox-guest-desktop-icons >= 7.1.4-1.1` `virtualbox-guest-source >= 7.1.4-1.1` `virtualbox-guest-tools >= 7.1.4-1.1` `virtualbox-host-source >= 7.1.4-1.1` `virtualbox-qt >= 7.1.4-1.1` `virtualbox-vnc >= 7.1.4-1.1` `virtualbox-websrv >= 7.1.4-1.1`	Patchnames: openSUSE-Tumbleweed-2024-14413

SUSE Timeline for this CVE

CVE page created: Wed Oct 16 00:01:03 2024
CVE page last modified: Mon Oct 6 19:52:29 2025