Candidate: CVE-2019-2865
PublicDate: 2019-07-23 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2865
Description:
 Vulnerability in the Oracle VM VirtualBox component of Oracle
 Virtualization (subcomponent: Core). Supported versions that are affected
 are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability
 allows high privileged attacker with logon to the infrastructure where
 Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the
 vulnerability is in Oracle VM VirtualBox, attacks may significantly impact
 additional products. Successful attacks of this vulnerability can result in
 takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality,
 Integrity and Availability impacts). CVSS Vector:
 (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H [7.5 HIGH]
 nvd: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H [7.5 HIGH]


Patches_virtualbox:
upstream_virtualbox: released (6.0.10-dfsg-1)
precise/esm_virtualbox: DNE
trusty_virtualbox: ignored (out of standard support)
trusty/esm_virtualbox: DNE
xenial_virtualbox: ignored (end of standard support, was needs-triage)
bionic_virtualbox: needs-triage
disco_virtualbox: ignored (reached end-of-life)
eoan_virtualbox: ignored (reached end-of-life)
focal_virtualbox: released (6.1.16-dfsg-6~ubuntu1.20.04.1)
groovy_virtualbox: released (6.1.16-dfsg-6~ubuntu1.20.10.1)
hirsute_virtualbox: not-affected (6.1.18-dfsg-5)
impish_virtualbox: not-affected (6.1.18-dfsg-5)
jammy_virtualbox: not-affected (6.1.18-dfsg-5)
devel_virtualbox: not-affected (6.1.18-dfsg-5)