Rewterz Threat Advisory – Oracle VM VirtualBox Multiple Vulnerabilities

Severity

Medium

Analysis Summary


Multiple vulnerabilities in Oracle VM VirtualBox can be exploited by malicious actors to cause a denial of service (DoS), escalate privileges, and expose sensitive information.

Nine different errors within the “Core” subcomponent can be exploited to gain escalated privileges.
Five different errors within the “Core” subcomponent can be exploited to disclose certain data or cause a DoS.

The vulnerabilities are reported in versions prior to 5.2.28 and prior to 6.0.6.

The following CVE numbers have been assigned to these vulnerabilities:

CVE-2019-2721, CVE-2019-2680, CVE-2019-2722, CVE-2019-2703, CVE-2019-2696, CVE-2019-2690, CVE-2019-2679, CVE-2019-2574, CVE-2019-2678, CVE-2019-2657, CVE-2019-2656, CVE-2019-2723

Impact

  • DoS
  • Privilege escalation
  • Exposure of sensitive information

Affected Vendors

Oracle

Affected Products

  • Oracle VirtualBox 5.x
  • Oracle VirtualBox 6.x

Remediation

Apply update.

https://support.oracle.com/rs?type=doc&id=2525947.1
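
To find hosts that still need the update, the version thresholds stated above (5.2.28 and 6.0.6) can be applied to an inventory of installed VirtualBox versions. The following is an added example, not part of the original advisory or any Oracle tooling; it assumes version strings in the form printed by `VBoxManage --version`, and the host names and version strings in the sample inventory are constructed.

```python
import re

# Fixed releases per branch, as stated in the advisory above.
FIXED = {5: (5, 2, 28), 6: (6, 0, 6)}

# VBoxManage --version prints e.g. "6.0.4r128413" or "5.2.26_Ubuntur128414";
# only the leading dotted triple matters for the comparison.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(raw):
    """Return (major, minor, patch) from a VirtualBox version string, or None."""
    m = _VERSION_RE.match(raw or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(raw):
    """Classify one version as 'vulnerable', 'fixed', 'out-of-scope' or 'unparsed'."""
    version = parse_version(raw)
    if version is None:
        return "unparsed"
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Major versions other than 5.x and 6.x are not covered by this advisory.
        return "out-of-scope"
    # Tuple comparison is numeric, so 6.0.10 correctly sorts after 6.0.6.
    return "vulnerable" if version < fixed else "fixed"


def audit(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: classify(raw) for host, raw in inventory.items()}


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE_INVENTORY = {
    "build-01": "5.2.26r128414",
    "build-02": "5.2.28r130011",
    "dev-laptop-07": "6.0.4_Ubuntur128413",
    "dev-laptop-11": "6.0.6r130049",
    "legacy-lab": "5.1.38r122592",
    "ci-runner": "4.3.40r110317",
    "unknown-host": "VBoxManage: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:15} {SAMPLE_INVENTORY[host]:32} {status}")
```

Hosts reported as `unparsed` or `out-of-scope` need manual review rather than being treated as patched.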