Candidate: CVE-2018-3297
PublicDate: 2018-10-17 01:31:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3297
 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
 http://www.securitytracker.com/id/1041887
Description:
 Vulnerability in the Oracle VM VirtualBox component of Oracle
 Virtualization (subcomponent: Core). The supported version that is affected
 is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated
 attacker with logon to the infrastructure where Oracle VM VirtualBox
 executes to compromise Oracle VM VirtualBox. Successful attacks require
 human interaction from a person other than the attacker and while the
 vulnerability is in Oracle VM VirtualBox, attacks may significantly impact
 additional products. Successful attacks of this vulnerability can result in
 takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality,
 Integrity and Availability impacts). CVSS Vector:
 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H [8.6 HIGH]


Patches_virtualbox:
upstream_virtualbox: released (5.2.20-dfsg-1)
precise/esm_virtualbox: DNE
trusty_virtualbox: ignored (reached end-of-life)
trusty/esm_virtualbox: DNE (trusty was needs-triage)
xenial_virtualbox: ignored (end of standard support, was needed)
bionic_virtualbox: needed
cosmic_virtualbox: ignored (reached end-of-life)
disco_virtualbox: not-affected (6.0.6-dfsg-1)
eoan_virtualbox: not-affected (6.0.8-dfsg-7)
focal_virtualbox: not-affected (6.0.8-dfsg-7)
groovy_virtualbox: not-affected (6.0.8-dfsg-7)
hirsute_virtualbox: not-affected (6.0.8-dfsg-7)
impish_virtualbox: not-affected (6.0.8-dfsg-7)
jammy_virtualbox: not-affected (6.0.8-dfsg-7)
devel_virtualbox: not-affected (6.0.8-dfsg-7)