Fortinet Discovers Oracle VirtualBox Kernel Crash Vulnerability
Fortinet's FortiGuard Labs has discovered a kernel crash vulnerability in Oracle VirtualBox.
Oracle VirtualBox is a powerful virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature-rich, high-performance product for enterprise customers, it is also the only professional solution that is freely available as open source software under the terms of the GNU General Public License (GPL) version 2. Presently, VirtualBox runs on Windows, Linux, Macintosh, and Solaris hosts and supports a large number of guest operating systems.
A kernel crash vulnerability has been discovered in VirtualBox. The vulnerability is caused by insufficient validation of a malformed ioctl call to the vboxsf.sys driver. It can render a VirtualBox guest machine completely unavailable, and users have to reboot the guest to restore it.
Solutions
Users should apply the solution provided by Oracle.
This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.