Vendor: https://www.virtualbox.org/
Supported Versions Affected: Prior to 5.2.40, prior to 6.0.20, prior to 6.1.6
Vulnerability: Local Denial of Service
Discoverer: Fatih Çelik
CVE: 2020-2909
CVSS 3.x Base Score: 2.8 LOW
Component: Core
Attack Vector: Local
VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 2.
One of the core components of the VirtualBox virtualization application is affected by a “Local Denial of Service” vulnerability. Oracle closed the weakness with the “Critical Patch Update” published on 14 April 2020.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. The easily exploitable vulnerability allows a low-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox.
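To check a host against the affected ranges above, the following added example (not part of the original advisory or of Oracle's tooling) classifies a version string such as the output of `VBoxManage --version`. The function names and the status labels are assumptions made for this illustration, and the sample version strings are constructed.

```python
import re
import shutil
import subprocess

# Fixed patch level per release branch, from the advisory:
# prior to 5.2.40, prior to 6.0.20, prior to 6.1.6 are affected.
FIXED_PATCH = {(5, 2): 40, (6, 0): 20, (6, 1): 6}


def parse_version(text):
    """Extract (major, minor, patch) from strings like '6.1.4r136177'."""
    match = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def advisory_status(text):
    """Return 'affected', 'fixed', or 'not-listed' (hypothetical labels)."""
    major, minor, patch = parse_version(text)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # Branch is outside the supported versions the advisory names.
        return "not-listed"
    # Compare as integers: 6.1.10 is newer than 6.1.6, unlike a string compare.
    return "affected" if patch < fixed else "fixed"


def installed_status():
    """Check the local install, or return None if VBoxManage is not on PATH."""
    exe = shutil.which("VBoxManage")
    if exe is None:
        return None
    out = subprocess.run([exe, "--version"], capture_output=True, text=True, check=True)
    # Warnings may precede the version, so use the last token of the output.
    tokens = out.stdout.split()
    return advisory_status(tokens[-1]) if tokens else None


if __name__ == "__main__":
    # Constructed sample strings in the 'X.Y.ZrNNNNNN' shape VBoxManage prints.
    for sample in ("5.2.38r136252", "6.0.20r137117", "6.1.4r136177", "6.1.10r138449"):
        print(sample, "->", advisory_status(sample))
    print("local install ->", installed_status())
```

A result of `not-listed` means the branch is outside the supported versions this advisory names, not that the build is known to be safe.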
Disclosure Timeline
Vulnerability Reported to Vendor: 02/07/2020
Coordinated public release of advisory: 04/14/2020