CVE-2022-21491: 
VirtualBox vulnerability analysis and mitigation

Vulnerability in Oracle VM VirtualBox product (Prior to version 6.1.34) allows low privileged attackers with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise the system. This vulnerability (CVE-2022-21491) was discovered by Oliver Bachtik of NVISO and disclosed in April 2022. The vulnerability specifically affects Windows systems (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.8 (High) with the vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates local access is required (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction needed (UI:N), unchanged scope (S:U), and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

Successful exploitation of this vulnerability can result in complete takeover of Oracle VM VirtualBox, potentially compromising the confidentiality, integrity, and availability of the virtualization environment (Oracle Advisory).

Oracle has released a patch for this vulnerability in VirtualBox version 6.1.34. Users are strongly recommended to upgrade to this version or later to mitigate the vulnerability (Oracle Advisory).