Zero-Day Advisory
Fortinet Discovers Oracle VirtualBox Kernel Crash Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a kernel crash vulnerability in Oracle VirtualBox. Oracle VirtualBox is a powerful virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature-rich, high-performance product for enterprise customers, it is also the only professional solution that is freely available as open source software under the terms of the GNU General Public License (GPL) version 2. Presently, VirtualBox runs on Windows, Linux, Macintosh, and Solaris hosts and supports a large number of guest operating systems.
A kernel crash vulnerability has been discovered in VirtualBox. The vulnerability is caused by insufficient validation of a malformed ioctl call to the vboxsf.sys driver. It can render a VirtualBox guest machine completely unavailable, and users have to reboot it to restore it.