1
Candidate: CVE-2017-3559
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3559
5
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
7
Vulnerability in the Oracle VM VirtualBox component of Oracle
8
Virtualization (subcomponent: Core). Supported versions that are affected
9
are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability
10
allows low privileged attacker with logon to the infrastructure where
11
Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the
12
vulnerability is in Oracle VM VirtualBox, attacks may significantly impact
13
additional products. Successful attacks of this vulnerability can result in
14
unauthorized ability to cause a hang or frequently repeatable crash
15
(complete DOS) of Oracle VM VirtualBox as well as unauthorized update,
16
insert or delete access to some of Oracle VM VirtualBox accessible data and
17
unauthorized read access to a subset of Oracle VM VirtualBox accessible
18
data. CVSS 3.0 Base Score 7.9 (Confidentiality, Integrity and Availability
19
impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H).
24
Discovered-by: Li Qiang
28
upstream_virtualbox: needs-triage
29
precise_virtualbox: ignored (reached end-of-life)
30
precise/esm_virtualbox: DNE (precise was needs-triage)
31
trusty_virtualbox: needs-triage
32
vivid/stable-phone-overlay_virtualbox: DNE
33
vivid/ubuntu-core_virtualbox: DNE
34
xenial_virtualbox: needed
35
yakkety_virtualbox: ignored (reached end-of-life)
36
zesty_virtualbox: ignored (reached end-of-life)
37
artful_virtualbox: needs-triage
38
bionic_virtualbox: needs-triage
39
devel_virtualbox: needs-triage