CVE-2017-10235

medium

Published 2017-08-08 · Modified 2026-05-13

CVSS v3

6.7

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H

CVSS v2

3.6

VIR risk

6.7

Description

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H).

Predictions

Exploit likelihood

66%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2017-10235

vendor Authored 2026-05-27

Vendor advisory: secalert_us@oracle.com — http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

OS impact

OS	Version	Status	Fixed in
debian	sid	fixed	`5.1.24-dfsg-1`

Application impact

Vendor	Product	Versions	Fixed
oracle	vm_virtualbox	`{"endIncluding":"5.1.22"}`

References

Verify integrity in audit chain (admin only). AS-IS.