Candidate: CVE-2017-3332
PublicDate: 2017-01-27 22:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3332
 http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixOVIR
 http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3432537.xml
Description:
 Vulnerability in the Oracle VM VirtualBox component of Oracle
 Virtualization (subcomponent: VirtualBox SVGA Emulation). Supported
 versions that are affected are VirtualBox prior to 5.0.32 and prior to
 5.1.14. Easily exploitable vulnerability allows low privileged attacker
 with logon to the infrastructure where Oracle VM VirtualBox executes to
 compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
 VirtualBox, attacks may significantly impact additional products.
 Successful attacks of this vulnerability can result in unauthorized
 creation, deletion or modification access to critical data or all Oracle VM
 VirtualBox accessible data and unauthorized ability to cause a hang or
 frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS
 v3.0 Base Score 8.4 (Integrity and Availability impacts).
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H [8.4 HIGH]

Patches_virtualbox:
upstream_virtualbox: released (5.1.14-dfsg-1)
precise_virtualbox: ignored (reached end-of-life)
precise/esm_virtualbox: DNE (precise was needs-triage)
trusty_virtualbox: ignored (reached end-of-life)
trusty/esm_virtualbox: DNE (trusty was needed)
vivid/stable-phone-overlay_virtualbox: DNE
vivid/ubuntu-core_virtualbox: DNE
xenial_virtualbox: not-affected (5.1.38-dfsg-0ubuntu1.16.04.1)
yakkety_virtualbox: ignored (reached end-of-life)
zesty_virtualbox: not-affected (5.1.14-dfsg-1)
artful_virtualbox: not-affected (5.1.14-dfsg-1)
bionic_virtualbox: not-affected (5.1.14-dfsg-1)
cosmic_virtualbox: not-affected (5.1.14-dfsg-1)
disco_virtualbox: not-affected (5.1.14-dfsg-1)
devel_virtualbox: not-affected (5.1.14-dfsg-1)