Oracle VM VirtualBox Security Update Advisory (CVE-2023-22098, CVE-2023-22099, CVE-2023-22100)
Overview
An update has been made available to fix vulnerabilities in Oracle VM VirtualBox. Users of affected versions are advised to update to the latest version.
Affected Products
Oracle VM VirtualBox versions earlier than 7.0.12
Resolved Vulnerabilities
Vulnerabilities in Oracle VM VirtualBox (CVE-2023-22098, CVE-2023-22099, CVE-2023-22100) that could allow an attacker who logs in to the infrastructure where Oracle VM VirtualBox is running to gain control of Oracle VM VirtualBox.
Vulnerability Patches
Vulnerability patches were made available in the October 2023 Update. Please update to the latest patched version as described on the referenced sites.
Oracle VM VirtualBox version 7.0.12
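To confirm whether a host still runs an affected release, the following added example (not part of the original advisory and not Oracle code) compares the string reported by VBoxManage --version with the fixed version 7.0.12. The function names are hypothetical, and the version strings shown in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: classify a VirtualBox version string against the fixed
# release named in this advisory (7.0.12). Function names are hypothetical.

FIXED_VERSION="7.0.12"

# Keep only the leading major.minor.patch triple and drop any revision or
# distribution suffix. Constructed samples: "7.0.10r158379" -> "7.0.10",
# "6.1.38_Ubuntur153438" -> "6.1.38". Prints nothing if no triple is found.
normalize_vbox_version() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# Return 0 when version $1 is strictly earlier than version $2.
# Fields are compared as integers, so 7.0.9 sorts before 7.0.12
# (a plain string comparison would get this wrong).
version_lt() {
    a=$1 b=$2
    for i in 1 2 3; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
        # Drop the field just compared; pad with 0 when none remain.
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 1
}

# Print "vulnerable", "patched" or "unknown" for a raw version string.
classify_vbox_version() {
    v=$(normalize_vbox_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Check the local installation when VBoxManage is on PATH. The last output
# line is used in case other messages are printed before the version.
if command -v VBoxManage >/dev/null 2>&1; then
    raw=$(VBoxManage --version 2>/dev/null | tail -n 1)
    echo "VBoxManage reports ${raw}: $(classify_vbox_version "$raw")"
fi
```

A result of "unknown" means the version string could not be parsed and the installation should be checked by hand.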
Referenced Sites
[1] CVE-2023-22098 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-22098
[2] CVE-2023-22099 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-22099
[3] CVE-2023-22100 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-22100
[4] Oracle Critical Patch Update Advisory – October 2023
https://www.oracle.com/security-alerts/cpuoct2023.html
[5] VM-Escape PoC (2024.02.20)
https://github.com/google/security-research/tree/master/pocs/oracle/virtualbox/CVE-2023-22098