Vulnerability Description
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vboxcomm | Satellite Express Protocol | 2.3.17.3 |
References
- http://packetstormsecurity.com/files/133620/VBox-Satellite-Express-Arbitrary-Wri
- http://seclists.org/fulldisclosure/2015/Sep/72Exploit
- http://www.securityfocus.com/archive/1/536491/100/0/threaded
- https://www.exploit-db.com/exploits/38225/Exploit
- https://www.korelogic.com/Resources/Advisories/KL-001-2015-005.txtExploit
- http://packetstormsecurity.com/files/133620/VBox-Satellite-Express-Arbitrary-Wri
- http://seclists.org/fulldisclosure/2015/Sep/72Exploit
- http://www.securityfocus.com/archive/1/536491/100/0/threaded
- https://www.exploit-db.com/exploits/38225/Exploit
- https://www.korelogic.com/Resources/Advisories/KL-001-2015-005.txtExploit
FAQ
What is CVE-2015-6923?
CVE-2015-6923 is a vulnerability with a CVSS score of 7.2 (HIGH). The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
How severe is CVE-2015-6923?
CVE-2015-6923 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6923?
Check the references section above for vendor advisories and patch information. Affected products include: Vboxcomm Satellite Express Protocol.