CVE-2020-2703

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions prior to 5.2.36 Oracle VM VirtualBox versions prior to 6.0.16

Description The issue is related to errors in resource release in the Core component of Oracle VM VirtualBox. Exploitation of this issue can allow an attacker to cause a denial of service. A low-privileged attacker with login access to the infrastructure where Oracle VM VirtualBox runs can compromise Oracle VM VirtualBox. Although the issue occurs in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox.

Recommendations For Oracle VM VirtualBox versions prior to 5.2.36, update to version 5.2.36 or later. For Oracle VM VirtualBox versions prior to 6.0.16, update to version 6.0.16 or later. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.