CVE-2023-21987 PoC — Oracle Virtualization 安全漏洞

Source

https://github.com/chunzhennn/cve-2023-21987-poc

Associated Vulnerability

Title:Oracle Virtualization 安全漏洞 (CVE-2023-21987)
Description:Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

Description

Oracle VirtualBox VGA OOB-Read Vulnerability

Readme

# cve-2023-21987-poc

## Oracle VirtualBox VGA OOB-Read Vulnerability

This Proof of Concept (PoC) is designed for a Linux guest OS running on a Windows host OS.

The purpose of this PoC is to demonstrate the ability to leak addresses of VirtualBox components. You may need to adjust the pointer values within the `vga_exp` function to match the specific builds you are testing.

Currently, the success rate is relatively low. Contributions to improve its reliability are highly appreciated.

File Snapshot


 [4.0K]  /data/pocs/da4d82852f4aaa66b4b1028ce7930a44dbd34e08
├── [8.5K]  poc.c
├── [ 492]  README.md
└── [ 15K]  vmmdev.h

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!