CVE-2021-24038

Published: Aug 19, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.

Affected (1)

Products: Oculus: Desktop

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oculus Desktop	From 1.39 to 31.1.0.67.507

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.facebook.com/security/advisories/cve-2021-24038

Source: cve-assign@fb.com

Third Party Advisory

https://www.facebook.com/security/advisories/cve-2021-24038

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.