May 9, 2024, 6:15 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

In this guest blog, Master of Pwn winner Cody Gallagher details CVE-2024-21115, an Out-of-Bounds (OOB) Write in Oracle VirtualBox that can be leveraged for privilege escalation. Oracle recently patched this bug in April. Cody has graciously provided this detailed write-up of the vulnerability and how he exploited it at the contest.


The core bug used for this escape is a relative bit clear on the heap from the VGA device. The bug is …
