CVE-2024-21116: 
VirtualBox vulnerability analysis and mitigation

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The vulnerability affects versions prior to 7.0.16 and applies to Linux hosts only. This is an easily exploitable vulnerability that allows low privileged attackers with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise the system (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.8 (High) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates local access is required, the attack complexity is low, low privileges are required, no user interaction is needed, and the scope is unchanged. The vulnerability affects confidentiality, integrity, and availability with high impact levels (ZDI Advisory).

Successful exploitation of this vulnerability can result in complete takeover of Oracle VM VirtualBox. The attacker can gain unauthorized access to execute arbitrary code in the context of root, potentially compromising the entire virtualization environment (ZDI Advisory).

Oracle has released a security patch to address this vulnerability. Users should upgrade to VirtualBox version 7.0.16 or later to mitigate the risk (Oracle Advisory).