Candidate: CVE-2020-2910
PublicDate: 2020-04-15 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2910
 https://www.oracle.com/security-alerts/cpuapr2020.html
Description:
 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization
 (component: Core). Supported versions that are affected are Prior to 6.0.20
 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged
 attacker with logon to the infrastructure where Oracle VM VirtualBox
 executes to compromise Oracle VM VirtualBox. While the vulnerability is in
 Oracle VM VirtualBox, attacks may significantly impact additional products.
 Successful attacks of this vulnerability can result in unauthorized
 creation, deletion or modification access to critical data or all Oracle VM
 VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts).
 CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N).
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N [6.5 MEDIUM]


Patches_virtualbox:
upstream_virtualbox: released (6.1.6-dfsg-1)
precise/esm_virtualbox: DNE
trusty_virtualbox: ignored (out of standard support)
trusty/esm_virtualbox: DNE
xenial_virtualbox: ignored (end of standard support, was needs-triage)
bionic_virtualbox: needs-triage
eoan_virtualbox: ignored (reached end-of-life)
focal_virtualbox: released (6.1.16-dfsg-6~ubuntu1.20.04.1)
groovy_virtualbox: released (6.1.16-dfsg-6~ubuntu1.20.10.1)
hirsute_virtualbox: not-affected (6.1.18-dfsg-5)
impish_virtualbox: not-affected (6.1.18-dfsg-5)
jammy_virtualbox: not-affected (6.1.18-dfsg-5)
devel_virtualbox: not-affected (6.1.18-dfsg-5)