Vulnerability CVE-2019-2552: Information

Description

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-2552

Published: Jan. 16, 2019

Modified: Aug. 24, 2020

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
kernel-modules-virtualbox-addition-std-def	sisyphus	5.2.24-alt1.265824.1	7.0.14-alt1.393561.1	ALT-PU-2019-1135-1	219496	Fixed
kernel-modules-virtualbox-addition-std-def	p10	5.2.24-alt1.265824.1	6.1.50-alt1.330453.1	ALT-PU-2019-1135-1	219496	Fixed
kernel-modules-virtualbox-addition-std-def	p9	5.2.24-alt1.265824.1	6.1.26-alt1.328978.1	ALT-PU-2019-1135-1	219496	Fixed
kernel-modules-virtualbox-addition-std-def	p8	5.2.26-alt1.264603.0.M80P.1	5.2.42-alt1.264785.0.M80P.1	ALT-PU-2019-1281-1	221021	Fixed
kernel-modules-virtualbox-addition-std-def	c9f2	5.2.24-alt1.265824.1	6.1.46-alt1.330454.0.c9f.2	ALT-PU-2019-1135-1	219496	Fixed
kernel-modules-virtualbox-addition-un-def	sisyphus	5.2.24-alt1.267026.1	7.0.14-alt1.394781.1	ALT-PU-2019-1137-1	219496	Fixed
kernel-modules-virtualbox-addition-un-def	p10	5.2.24-alt1.267026.1	6.1.50-alt1.393557.1	ALT-PU-2019-1137-1	219496	Fixed
kernel-modules-virtualbox-addition-un-def	p9	5.2.24-alt1.267026.1	6.1.26-alt1.330455.1	ALT-PU-2019-1137-1	219496	Fixed
kernel-modules-virtualbox-addition-un-def	p8	5.2.26-alt1.267024.0.M80P.1	5.2.42-alt1.267318.0.M80P.1	ALT-PU-2019-1280-1	221021	Fixed
kernel-modules-virtualbox-addition-un-def	c10f1	5.2.24-alt1.267026.1	6.1.46-alt1.393557.0.c10f.1	ALT-PU-2019-1137-1	219496	Fixed
kernel-modules-virtualbox-addition-un-def	c9f2	5.2.24-alt1.267026.1	6.1.46-alt1.330269.2	ALT-PU-2019-1137-1	219496	Fixed
kernel-modules-virtualbox-std-def	sisyphus	5.2.24-alt1.265824.1	7.0.14-alt1.393561.1	ALT-PU-2019-1134-1	219496	Fixed
kernel-modules-virtualbox-std-def	p10	5.2.24-alt1.265824.1	6.1.50-alt1.330453.1	ALT-PU-2019-1134-1	219496	Fixed
kernel-modules-virtualbox-std-def	p9	5.2.24-alt1.265824.1	6.1.26-alt1.328978.1	ALT-PU-2019-1134-1	219496	Fixed
kernel-modules-virtualbox-std-def	p8	5.2.26-alt1.264603.0.M80P.1	5.2.42-alt1.264785.0.M80P.1	ALT-PU-2019-1278-1	221021	Fixed
kernel-modules-virtualbox-std-def	c9f2	5.2.24-alt1.265824.1	6.1.46-alt1.330454.0.c9f.2	ALT-PU-2019-1134-1	219496	Fixed
kernel-modules-virtualbox-un-def	sisyphus	5.2.24-alt1.267026.1	7.0.14-alt1.394781.1	ALT-PU-2019-1136-1	219496	Fixed
kernel-modules-virtualbox-un-def	p10	5.2.24-alt1.267026.1	6.1.50-alt1.393557.1	ALT-PU-2019-1136-1	219496	Fixed
kernel-modules-virtualbox-un-def	p9	5.2.24-alt1.267026.1	6.1.26-alt1.330455.1	ALT-PU-2019-1136-1	219496	Fixed
kernel-modules-virtualbox-un-def	p8	5.2.26-alt1.267024.0.M80P.1	5.2.42-alt1.267318.0.M80P.1	ALT-PU-2019-1279-1	221021	Fixed
kernel-modules-virtualbox-un-def	c10f1	5.2.24-alt1.267026.1	6.1.46-alt1.393557.0.c10f.1	ALT-PU-2019-1136-1	219496	Fixed
kernel-modules-virtualbox-un-def	c9f2	5.2.24-alt1.267026.1	6.1.46-alt1.330269.2	ALT-PU-2019-1136-1	219496	Fixed
virtualbox	sisyphus	5.2.24-alt3	7.0.14-alt2	ALT-PU-2019-1133-1	219496	Fixed
virtualbox	p10	5.2.24-alt3	6.1.50-alt1	ALT-PU-2019-1133-1	219496	Fixed
virtualbox	p9	5.2.24-alt3	6.1.26-alt1	ALT-PU-2019-1133-1	219496	Fixed
virtualbox	p8	5.2.26-alt1	5.2.42-alt2	ALT-PU-2019-1277-1	221021	Fixed
virtualbox	c10f1	5.2.24-alt3	6.1.46-alt1	ALT-PU-2019-1133-1	219496	Fixed
virtualbox	c9f2	5.2.24-alt3	6.1.46-alt1	ALT-PU-2019-1133-1	219496	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch Vendor Advisory
106568	Third Party Advisory VDB Entry
openSUSE-SU-2019:1547

Affected configurations:
1. Configuration 1
  cpe:2.3:a:oracle:vm_virtualbox:6.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
  End excliding
  5.2.24

Version: v24.4.2

Vulnerability CVE-2019-2552: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1