What the vulnerability does

01Description

Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.

Key dates

02Disclosure timeline

August 18, 2021 CVE published
August 3, 2024 Record updated