LIVE NEWSROOM · --:-- · May 25, 2026
A LIBRARY FOR SECURITY RESEARCHERS

CVE DATABASE  /  CVE-2008-3431

CVE-2008-3431

Oracle VirtualBox Insufficient Input Validation Vulnerability

⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog

Confirmed exploited in the wild. Added 2022-03-03. Federal remediation due 2022-03-24.
Required action: Apply updates per vendor instructions.

Summary

An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code.

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

Data: NIST NVD + CISA KEV. Always verify against the vendor advisory before acting.

Scroll to Top