CVE-2021-25319 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-25319 Interim 1 6 2025-02-17T00:48:57Z current 2021-10-09T01:00:27Z 2025-02-17T00:48:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-25319 A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.2 openSUSE Leap 15.3 python3-virtualbox-6.1.22-lp152.2.24.2 python3-virtualbox-6.1.22-lp153.2.3.2 virtualbox-6.1.22-lp152.2.24.2 virtualbox-6.1.22-lp153.2.3.2 virtualbox-devel-6.1.22-lp152.2.24.2 virtualbox-devel-6.1.22-lp153.2.3.2 virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 virtualbox-guest-desktop-icons-6.1.22-lp153.2.3.2 virtualbox-guest-source-6.1.22-lp152.2.24.2 virtualbox-guest-source-6.1.22-lp153.2.3.2 virtualbox-guest-tools-6.1.22-lp152.2.24.2 virtualbox-guest-tools-6.1.22-lp153.2.3.2 virtualbox-guest-x11-6.1.22-lp152.2.24.2 virtualbox-guest-x11-6.1.22-lp153.2.3.2 virtualbox-host-source-6.1.22-lp152.2.24.2 virtualbox-host-source-6.1.22-lp153.2.3.2 virtualbox-kmp-default-6.1.22_k5.3.18_59.5-lp153.2.3.2 virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 virtualbox-kmp-preempt-6.1.22_k5.3.18_59.5-lp153.2.3.2 virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 virtualbox-qt-6.1.22-lp152.2.24.2 virtualbox-qt-6.1.22-lp153.2.3.2 virtualbox-vnc-6.1.22-lp152.2.24.2 virtualbox-vnc-6.1.22-lp153.2.3.2 virtualbox-websrv-6.1.22-lp152.2.24.2 virtualbox-websrv-6.1.22-lp153.2.3.2 python3-virtualbox-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-devel-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-guest-source-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-guest-tools-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-guest-x11-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-host-source-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-qt-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-vnc-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 virtualbox-websrv-6.1.22-lp152.2.24.2 as a component of openSUSE Leap 15.2 python3-virtualbox-6.1.22-lp153.2.3.2 as a component of openSUSE Leap 15.3 virtualbox-6.1.22-lp153.2.3.2 as a component of openSUSE Leap 15.3 virtualbox-devel-6.1.22-lp153.2.3.2 as a component of openSUSE Leap 15.3 virtualbox-guest-desktop-icons-6.1.22-lp153.2.3.2 as a component of openSUSE Leap 15.3 virtualbox-guest-source-6.1.22-lp153.2.3.2 as a component of openSUSE Leap 15.3 virtualbox-guest-tools-6.1.22-lp153.2.3.2 as a component of openSUSE Leap 15.3 virtualbox-guest-x11-6.1.22-lp153.2.3.2 as a component of openSUSE Leap 15.3 virtualbox-host-source-6.1.22-lp153.2.3.2 as a component of openSUSE Leap 15.3 virtualbox-kmp-default-6.1.22_k5.3.18_59.5-lp153.2.3.2 as a component of openSUSE Leap 15.3 virtualbox-kmp-preempt-6.1.22_k5.3.18_59.5-lp153.2.3.2 as a component of openSUSE Leap 15.3 virtualbox-qt-6.1.22-lp153.2.3.2 as a component of openSUSE Leap 15.3 virtualbox-vnc-6.1.22-lp153.2.3.2 as a component of openSUSE Leap 15.3 virtualbox-websrv-6.1.22-lp153.2.3.2 as a component of openSUSE Leap 15.3 A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions. CVE-2021-25319 openSUSE Leap 15.2:python3-virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-devel-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-host-source-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.22_k5.3.18_lp152.75-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-qt-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-vnc-6.1.22-lp152.2.24.2 openSUSE Leap 15.2:virtualbox-websrv-6.1.22-lp152.2.24.2 openSUSE Leap 15.3:python3-virtualbox-6.1.22-lp153.2.3.2 openSUSE Leap 15.3:virtualbox-6.1.22-lp153.2.3.2 openSUSE Leap 15.3:virtualbox-devel-6.1.22-lp153.2.3.2 openSUSE Leap 15.3:virtualbox-guest-desktop-icons-6.1.22-lp153.2.3.2 openSUSE Leap 15.3:virtualbox-guest-source-6.1.22-lp153.2.3.2 openSUSE Leap 15.3:virtualbox-guest-tools-6.1.22-lp153.2.3.2 openSUSE Leap 15.3:virtualbox-guest-x11-6.1.22-lp153.2.3.2 openSUSE Leap 15.3:virtualbox-host-source-6.1.22-lp153.2.3.2 openSUSE Leap 15.3:virtualbox-kmp-default-6.1.22_k5.3.18_59.5-lp153.2.3.2 openSUSE Leap 15.3:virtualbox-kmp-preempt-6.1.22_k5.3.18_59.5-lp153.2.3.2 openSUSE Leap 15.3:virtualbox-qt-6.1.22-lp153.2.3.2 openSUSE Leap 15.3:virtualbox-vnc-6.1.22-lp153.2.3.2 openSUSE Leap 15.3:virtualbox-websrv-6.1.22-lp153.2.3.2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H