Candidate: CVE-2020-14707
PublicDate: 2020-07-15 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14707
 https://www.oracle.com/security-alerts/cpujul2020.html
Description:
 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization
 (component: Core). Supported versions that are affected are Prior to
 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable
 vulnerability allows low privileged attacker with logon to the
 infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM
 VirtualBox. Successful attacks require human interaction from a person
 other than the attacker. Successful attacks of this vulnerability can
 result in unauthorized ability to cause a hang or frequently repeatable
 crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0
 (Availability impacts). CVSS Vector:
 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H [5.0 MEDIUM]


Patches_virtualbox:
upstream_virtualbox: released (6.1.12-dfsg-1)
precise/esm_virtualbox: DNE
trusty_virtualbox: ignored (out of standard support)
trusty/esm_virtualbox: DNE
xenial_virtualbox: ignored (end of standard support, was needs-triage)
bionic_virtualbox: needs-triage
eoan_virtualbox: ignored (reached end-of-life)
focal_virtualbox: released (6.1.16-dfsg-6~ubuntu1.20.04.1)
groovy_virtualbox: released (6.1.16-dfsg-6~ubuntu1.20.10.1)
hirsute_virtualbox: not-affected (6.1.18-dfsg-5)
impish_virtualbox: not-affected (6.1.18-dfsg-5)
jammy_virtualbox: not-affected (6.1.18-dfsg-5)
devel_virtualbox: not-affected (6.1.18-dfsg-5)