{"id":"MGASA-2020-0180","summary":"Updated virtualbox packages fix security vulnerabilities","details":"This update provides the upstream 6.0.20 adding support for kernel 5.6\nseries and fixes the following security vulnerabilities:\n\nOracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability\nthat allows high privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the\nvulnerability is in Oracle VM VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result in\nunauthorized access to critical data or complete access to all Oracle VM\nVirtualBox accessible data (CVE-2020-2741).\n\nOracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability\nthat allows high privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the\nvulnerability is in Oracle VM VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result in\nunauthorized read access to a subset of Oracle VM VirtualBox accessible\ndata (CVE-2020-2748).\n\nOracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability\nthat allows high privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the\nvulnerability is in Oracle VM VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result in\ntakeover of Oracle VM VirtualBox (CVE-2020-2758, CVE-2020-2894,\nCVE-2020-2905, CVE-2020-2908).\n\nOracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability\nthat allows low privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the\nvulnerability is in Oracle VM VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result in\ntakeover of Oracle VM VirtualBox (CVE-2020-2902).\n\nOracle VM VirtualBox before 6.0.20 has a difficult to exploit vulnerability\nthat allows high privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the\nvulnerability is in Oracle VM VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result in\ntakeover of Oracle VM VirtualBox (CVE-2020-2907, CVE-2020-2911,\nCVE-2020-2958).\n\nOracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability\nthat allows low privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox.\nSuccessful attacks require human interaction from a person other than the\nattacker. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a partial denial of service (partial DOS)\nof Oracle VM VirtualBox (CVE-2020-2909).\n\nOracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability\nthat allows low privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the\nvulnerability is in Oracle VM VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result\nin unauthorized creation, deletion or modification access to critical data\nor all Oracle VM VirtualBox accessible data (CVE-2020-2910).\n\nOracle VM VirtualBox before 6.0.20 has a difficult to exploit vulnerability\nthat allows low privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
Successful\nattacks of this vulnerability can result in takeover of Oracle VM VirtualBox\n(CVE-2020-2913, CVE-2020-2914).\n\nOracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability\nthat allows low privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful\nattacks of this vulnerability can result in takeover of Oracle VM VirtualBox\n(CVE-2020-2929).\n\nOracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability\nthat allows low privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the\nvulnerability is in Oracle VM VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of Oracle VM VirtualBox (CVE-2020-2951).\n\nOracle VM VirtualBox before 6.0.20 has an easily exploitable vulnerability\nthat allows an unauthenticated attacker with network access via MLD to\ncompromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM\nVirtualBox, attacks may significantly impact additional products. 
Successful\nattacks of this vulnerability can result in unauthorized ability to cause a\nhang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox \n(CVE-2020-2959).\n\nFor other fixes in this update, see the referenced changelog.\n","modified":"2026-04-16T04:43:01.780563492Z","published":"2020-04-24T17:03:35Z","upstream":["CVE-2020-2741","CVE-2020-2748","CVE-2020-2758","CVE-2020-2894","CVE-2020-2902","CVE-2020-2905","CVE-2020-2907","CVE-2020-2908","CVE-2020-2909","CVE-2020-2910","CVE-2020-2911","CVE-2020-2913","CVE-2020-2914","CVE-2020-2929","CVE-2020-2951","CVE-2020-2958","CVE-2020-2959"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0180.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26506"},{"type":"WEB","url":"https://www.virtualbox.org/wiki/Changelog-6.0#v20"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixOVIR"}],"affected":[{"package":{"name":"virtualbox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.20-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0180.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.20-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0180.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}