CVE-2008-3431
Oracle VirtualBox Insufficient Input Validation Vulnerability
CVSS
—
No CVSS
EPSS
6.9%
p93
KEV
YES
Mar 3, 2022
Exploit Today
78
0-100
Published: — · Last modified: —
6.9%EPSS · 30 days6.9%
2026-06-302026-07-16
Product
Oracle / VirtualBox
Vulnerability
Oracle VirtualBox Insufficient Input Validation Vulnerability
Added to KEV
Mar 3, 2022
Remediate by
Mar 24, 2022
Known ransomware use
No
Summary description
An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2008-3431
No related CVEs by CWE or product.