{"id":"UBUNTU-CVE-2018-3085","details":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H).","modified":"2026-03-24T10:38:43.790070Z","published":"2018-07-18T13:29:00Z","upstream":["CVE-2018-3085"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-3085"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-3085"}],"affected":[{"package":{"name":"virtualbox","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@5.1.38-dfsg-0ubuntu1.16.04.3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.0.4-dfsg-2","5.0.8-dfsg-1","5.0.10-dfsg-1","5.0.10-dfsg-2","5.0.10-dfsg-3","5.0.10-dfsg-4","5.0.10-dfsg-5","5.0.10-dfsg-6","5.0.10-dfsg-7","5.0.12-dfsg-1","5.0.12-dfsg-2","5.0.14-dfsg-1","5.0.14-dfsg-2","5.0.14-dfsg-2build1","5.0.16-dfsg-2","5.0.16-dfsg-3","5.0.18-dfsg-1","5.0.18-dfsg-1ubuntu1","5.0.18-dfsg-2","5.0.18-dfsg-2build1","5.0.18-dfsg-2ubuntu1","5.0.24-dfsg-0ubuntu1.16.04.1","5.0.32-dfsg-0ubuntu1.16.04.2","5.0.36-dfsg-0ubuntu1.16.04.2","5.0.40-dfsg-0ubuntu1.16.04.1","5.0.40-dfsg-0ubuntu1.16.04.2","5.1.34-dfsg-0ubuntu1.16.04.2","5.1.38-dfsg-0ubuntu1.16.04.1","5.1.38-dfsg-0ubuntu1.16.04.2","5.1.38-dfsg-0ubuntu1.16.04.3"],"ecosystem_specific":{"binaries":[{"binary_name":"virtualbox","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-dkms","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-guest-dkms","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-guest-source","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-guest-utils","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-guest-x11","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-qt","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-source","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-3085.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@5.2.42-dfsg-0~ubuntu1.18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.1.30-dfsg-1","5.2.0-dfsg-1build2","5.2.0-dfsg-2","5.2.0-dfsg-4","5.2.0-dfsg-5","5.2.2-dfsg-2","5.2.2-dfsg-3~build1","5.2.2-dfsg-3","5.2.4-dfsg-1","5.2.4-dfsg-2","5.2.6-dfsg-1","5.2.6-dfsg-2","5.2.6-dfsg-3","5.2.6-dfsg-3build1","5.2.6-dfsg-5","5.2.8-dfsg-2","5.2.8-dfsg-3","5.2.8-dfsg-5","5.2.8-dfsg-6","5.2.8-dfsg-7","5.2.10-dfsg-1","5.2.10-dfsg-2","5.2.10-dfsg-5","5.2.10-dfsg-6","5.2.10-dfsg-6ubuntu18.04.1","5.2.18-dfsg-2~ubuntu18.04.1","5.2.18-dfsg-2~ubuntu18.04.3","5.2.18-dfsg-2~ubuntu18.04.5","5.2.32-dfsg-0~ubuntu18.04.1","5.2.34-dfsg-0~ubuntu18.04.1","5.2.42-dfsg-0~ubuntu1.18.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"virtualbox","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-dkms","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-guest-dkms","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-guest-source","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-guest-utils","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-guest-x11","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-qt","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-source","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-3085.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@6.1.50-dfsg-1~ubuntu1.20.04.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.0.14-dfsg-1","6.0.14-dfsg-2~build1","6.0.14-dfsg-2","6.1.0-dfsg-3build1","6.1.0-dfsg-3build2","6.1.2-dfsg-1","6.1.2-dfsg-1build1","6.1.4-dfsg-1","6.1.4-dfsg-2~build1","6.1.4-dfsg-2","6.1.4-dfsg-4","6.1.6-dfsg-1","6.1.10-dfsg-1~ubuntu1.20.04.1","6.1.16-dfsg-6~ubuntu1.20.04.1","6.1.16-dfsg-6~ubuntu1.20.04.2","6.1.22-dfsg-2~ubuntu1.20.04.1","6.1.26-dfsg-3~ubuntu1.20.04.1","6.1.26-dfsg-3~ubuntu1.20.04.2","6.1.32-dfsg-1~ubuntu1.20.04.1","6.1.34-dfsg-3~ubuntu1.20.04.1","6.1.38-dfsg-3~ubuntu1.20.04.1","6.1.48-dfsg-1~ubuntu1.20.04.1","6.1.50-dfsg-1~ubuntu1.20.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"virtualbox","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-dkms","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-guest-dkms","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-guest-source","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-guest-utils","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-guest-x11","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-qt","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-source","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-3085.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@6.1.50-dfsg-1~ubuntu1.22.04.3?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.1.26-dfsg-4","6.1.28-dfsg-1","6.1.30-dfsg-1","6.1.32-dfsg-1","6.1.32-dfsg-1build1","6.1.34-dfsg-3~ubuntu1.22.04.1","6.1.38-dfsg-3~ubuntu1.22.04.1","6.1.48-dfsg-1~ubuntu1.22.04.1","6.1.50-dfsg-1~ubuntu1.22.04.1","6.1.50-dfsg-1~ubuntu1.22.04.3"],"ecosystem_specific":{"binaries":[{"binary_name":"virtualbox","binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3"},{"binary_name":"virtualbox-dkms","binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3"},{"binary_name":"virtualbox-guest-utils","binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3"},{"binary_name":"virtualbox-guest-x11","binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3"},{"binary_name":"virtualbox-qt","binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3"},{"binary_name":"virtualbox-source","binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-3085.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@7.0.16-dfsg-2ubuntu1.3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.0.10-dfsg-3","7.0.12-dfsg-1","7.0.12-dfsg-1build1","7.0.14-dfsg-1","7.0.14-dfsg-2","7.0.14-dfsg-4","7.0.14-dfsg-4build4","7.0.14-dfsg-4build5","7.0.16-dfsg-1","7.0.16-dfsg-2","7.0.16-dfsg-2ubuntu1","7.0.16-dfsg-2ubuntu1.1","7.0.16-dfsg-2ubuntu1.3"],"ecosystem_specific":{"binaries":[{"binary_name":"virtualbox","binary_version":"7.0.16-dfsg-2ubuntu1.3"},{"binary_name":"virtualbox-dkms","binary_version":"7.0.16-dfsg-2ubuntu1.3"},{"binary_name":"virtualbox-guest-utils","binary_version":"7.0.16-dfsg-2ubuntu1.3"},{"binary_name":"virtualbox-guest-x11","binary_version":"7.0.16-dfsg-2ubuntu1.3"},{"binary_name":"virtualbox-qt","binary_version":"7.0.16-dfsg-2ubuntu1.3"},{"binary_name":"virtualbox-source","binary_version":"7.0.16-dfsg-2ubuntu1.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-3085.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/virtualbox@7.2.2-dfsg-2ubuntu0.1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.0.20-dfsg-1.2","7.0.26-dfsg-1","7.1.8-dfsg-2","7.1.8-dfsg-3","7.1.8-dfsg-3build1","7.1.10-dfsg-1","7.1.12-dfsg-1","7.1.12-dfsg-2","7.2.0-dfsg-2","7.2.0-dfsg-3","7.2.2-dfsg-2","7.2.2-dfsg-2ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"virtualbox","binary_version":"7.2.2-dfsg-2ubuntu0.1"},{"binary_name":"virtualbox-dkms","binary_version":"7.2.2-dfsg-2ubuntu0.1"},{"binary_name":"virtualbox-guest-utils","binary_version":"7.2.2-dfsg-2ubuntu0.1"},{"binary_name":"virtualbox-guest-utils-hwe","binary_version":"7.2.2-dfsg-2ubuntu0.1"},{"binary_name":"virtualbox-guest-x11","binary_version":"7.2.2-dfsg-2ubuntu0.1"},{"binary_name":"virtualbox-guest-x11-hwe","binary_version":"7.2.2-dfsg-2ubuntu0.1"},{"binary_name":"virtualbox-qt","binary_version":"7.2.2-dfsg-2ubuntu0.1"},{"binary_name":"virtualbox-source","binary_version":"7.2.2-dfsg-2ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-3085.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}