CVE-2021-24038

Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
facebookCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
oculusdesktop
1.39 ≤
𝑥
< 31.1.0.67.507
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.facebook.com/security/advisories/cve-2021-24038
https://www.facebook.com/security/advisories/cve-2021-24038