CVE-2008-3431

CVSS 8.8 HIGH · EPSS 6.9% · KEV
In short

A flaw in VirtualBox's driver allows local users to gain elevated privileges by sending specially crafted commands to the VirtualBox device driver. The driver fails to properly check memory addresses before processing them, letting attackers execute code with system-level access.

Technical detail

CVE-2008-3431 is caused by improper buffer validation in the VBoxDrvNtDeviceControl function of VBoxDrv.sys, which handles IOCTLs with METHOD_NEITHER and does not adequately verify which address space the supplied pointers refer to. A local attacker with access to the device can send crafted kernel pointers through DeviceIoControl calls to escalate privileges, resulting in arbitrary code execution in kernel context.

Summary generated and translated by AI from the official description.
The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address.
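
The validation the description says is missing, as an added example (not VirtualBox code and not the vendor's fix): a user-space C model of the range test a METHOD_NEITHER handler has to apply to a caller-supplied pointer before touching it. In a real Windows driver this is done with ProbeForRead/ProbeForWrite inside a structured exception handler; the boundary constant, the function names and the sample addresses below are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed user/kernel boundary for this model only; a real driver relies on
   the kernel's own limit through ProbeForRead/ProbeForWrite. */
#define MODEL_USER_LIMIT 0x00007FFFFFFF0000ULL

typedef enum { PROBE_OK, PROBE_NULL_OR_EMPTY, PROBE_MISALIGNED,
               PROBE_WRAPS, PROBE_NOT_USER_RANGE } probe_result;

/* Is [addr, addr+len) a range the handler may touch for a user-mode caller?
   alignment must be a power of two. */
probe_result probe_user_range(uint64_t addr, uint64_t len, uint64_t alignment)
{
    if (addr == 0 || len == 0)
        return PROBE_NULL_OR_EMPTY;     /* policy choice of this model */
    if (addr & (alignment - 1))
        return PROBE_MISALIGNED;
    uint64_t end = addr + len;
    if (end < addr)
        return PROBE_WRAPS;             /* addr + len overflowed 64 bits */
    if (end > MODEL_USER_LIMIT)
        return PROBE_NOT_USER_RANGE;    /* kernel address, or straddles the limit */
    return PROBE_OK;
}

/* Model of a METHOD_NEITHER dispatch path: the I/O manager passes the
   caller's pointer through unchecked, so the handler validates it first. */
int handle_ioctl(uint64_t user_buffer, uint64_t length)
{
    if (probe_user_range(user_buffer, length, sizeof(uint32_t)) != PROBE_OK)
        return -1;   /* fail the request without dereferencing the pointer */
    return 0;        /* only now may the guarded copy proceed */
}

int main(void)
{
    /* Constructed sample pointers, not taken from any real system. */
    static const struct { const char *what; uint64_t addr, len; } cases[] = {
        { "user buffer",        0x0000000000401000ULL, 64   },
        { "kernel address",     0xFFFFF80000001000ULL, 64   },
        { "wraps past 2^64",    0xFFFFFFFFFFFFFFF0ULL, 0x20 },
        { "straddles boundary", 0x00007FFFFFFEFFF0ULL, 0x20 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-20s -> %s\n", cases[i].what,
               handle_ioctl(cases[i].addr, cases[i].len) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The wrap and straddle cases are the ones a naive "is the start address below the limit" test misses.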
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
n/a · n/a