CVE 2019-2657
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.
Related bugs and status
CVE-2019-2657 (Candidate) is related to these bugs:
Bug #1805651: VBoxNetNAT is missing suid bit
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1805651 | VBoxNetNAT is missing suid bit | virtualbox (Ubuntu) | Undecided | Fix Released | ||
1805651 | VBoxNetNAT is missing suid bit | virtualbox-hwe (Ubuntu) | Undecided | Fix Released | ||
1805651 | VBoxNetNAT is missing suid bit | virtualbox (Ubuntu Bionic) | Undecided | Fix Released | ||
1805651 | VBoxNetNAT is missing suid bit | virtualbox-hwe (Ubuntu Bionic) | Undecided | Fix Released |
Bug #1829248: v5.2.18 dkms fails to build with 5.0 kernel on bionic
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1829248 | v5.2.18 dkms fails to build with 5.0 kernel on bionic | virtualbox (Ubuntu) | Undecided | Confirmed | ||
1829248 | v5.2.18 dkms fails to build with 5.0 kernel on bionic | virtualbox (Ubuntu Bionic) | Medium | Fix Released |
Bug #1835576: virtualbox-guest-dkms-hwe 5.2.18-dfsg-3~ubuntu18.04.3 fails to build on 5.0 based kernels [In function ‘VBoxGuest_RTR0MemUserIsValidAddr’: error: macro "access_ok" passed 3 arguments, but takes just 2]
See the
CVE page on Mitre.org
for more details.