Candidate: CVE-2019-2520
PublicDate: 2019-01-16 19:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2520
 http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Description:
 Vulnerability in the Oracle VM VirtualBox component of Oracle
 Virtualization (subcomponent: Core). Supported versions that are affected
 are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability
 allows low privileged attacker with logon to the infrastructure where
 Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the
 vulnerability is in Oracle VM VirtualBox, attacks may significantly impact
 additional products. Successful attacks of this vulnerability can result in
 takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality,
 Integrity and Availability impacts). CVSS Vector:
 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H [7.8 HIGH]


Patches_virtualbox:
upstream_virtualbox: released (5.2.24-dfsg-1)
precise/esm_virtualbox: DNE
trusty_virtualbox: ignored (reached end-of-life)
trusty/esm_virtualbox: DNE (trusty was needs-triage)
xenial_virtualbox: ignored (end of standard support, was needs-triage)
bionic_virtualbox: needs-triage
cosmic_virtualbox: ignored (reached end-of-life)
disco_virtualbox: ignored (reached end-of-life)
eoan_virtualbox: ignored (reached end-of-life)
focal_virtualbox: released (6.1.16-dfsg-6~ubuntu1.20.04.1)
groovy_virtualbox: released (6.1.16-dfsg-6~ubuntu1.20.10.1)
hirsute_virtualbox: not-affected (6.1.18-dfsg-5)
impish_virtualbox: not-affected (6.1.18-dfsg-5)
jammy_virtualbox: not-affected (6.1.18-dfsg-5)
devel_virtualbox: not-affected (6.1.18-dfsg-5)