
Virtualbox Local DOS Vulnerability | CVE-2020-2909


Supported Versions Affected: Prior to 5.2.40, prior to 6.0.20, prior to 6.1.6

Vulnerability: Local Denial of Service

Discoverer: Fatih Çelik

CVE: 2020-2909

CVSS 3.x Base Score: 2.8 LOW

Component: Core

Attack Vector: Local

VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature-rich, high-performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 2.

One of the core components of the VirtualBox virtualization application suffers from a “Local Denial of Service” vulnerability. With the “Critical Patch Update” published on 14 April 2020, Oracle closed the weakness.

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows a low-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in the unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox.
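Because the fix landed separately in three maintenance branches, "am I patched?" is a per-branch comparison rather than a single threshold. The script below is an added example (not part of the original post, and not Oracle's tooling) that classifies a VirtualBox version string against the three fixed versions named in the advisory; the function names are my own, and the version strings in the comments are constructed samples in the format `VBoxManage --version` prints.

```python
import re
import shutil
import subprocess

# First fixed version per supported branch, as stated in the advisory
# (prior to 5.2.40, prior to 6.0.20, prior to 6.1.6).
FIXED_VERSIONS = {
    (5, 2): (5, 2, 40),
    (6, 0): (6, 0, 20),
    (6, 1): (6, 1, 6),
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(version_str):
    """Return (major, minor, patch) from a VirtualBox version string.

    Accepts the bare form "6.1.6" as well as what VBoxManage --version
    prints, e.g. "6.1.4r136177" or distro builds like "6.1.4_Ubuntur136177"
    (constructed samples); the revision suffix is ignored.
    """
    match = _VERSION_RE.match(version_str)
    if not match:
        raise ValueError("unrecognised VirtualBox version: %r" % version_str)
    return tuple(int(part) for part in match.groups())


def is_affected(version_str):
    """Classify a version against CVE-2020-2909.

    True  -> a supported branch below its fixed version (vulnerable)
    False -> a supported branch at or above its fixed version (patched)
    None  -> a branch the advisory does not cover (no statement possible)
    """
    version = parse_version(version_str)
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return None
    return version < fixed


def check_installed(command="VBoxManage"):
    """Query the locally installed VirtualBox, if any, and classify it.

    Returns (version_string, verdict) or None when VBoxManage is not on PATH.
    """
    path = shutil.which(command)
    if path is None:
        return None
    output = subprocess.run(
        [path, "--version"], capture_output=True, text=True, check=True
    ).stdout.strip()
    return output, is_affected(output)


if __name__ == "__main__":
    result = check_installed()
    if result is None:
        print("VBoxManage not found on PATH")
    else:
        version, verdict = result
        label = {True: "AFFECTED", False: "patched", None: "branch not covered"}[verdict]
        print("VirtualBox %s: %s (CVE-2020-2909)" % (version, label))
```

A branch the advisory does not list (for example a later major release) deliberately comes back as `None` rather than "patched", so the script never claims more than the advisory states.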

Disclosure Timeline

Vulnerability Reported to Vendor: 02/07/2020

Coordinated public release of advisory: 04/14/2020

Additional Links:

This post is licensed under CC BY 4.0 by the author.