CVE-2020-2741: 
VirtualBox vulnerability analysis and mitigation

CVE-2020-2741 is a vulnerability discovered in Oracle VM VirtualBox affecting versions prior to 5.2.40, prior to 6.0.20, and prior to 6.1.6. The vulnerability was disclosed in April 2020 as part of Oracle's Critical Patch Update. It is characterized as an easily exploitable vulnerability that allows high-privileged attackers with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise the system (Oracle Advisory).

The vulnerability exists within the shader_glsl_get_register_name function. The specific flaw results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS 3.0 Base Score of 6.0 (Confidentiality impacts) with the vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N (ZDI Advisory).

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (Oracle Advisory).

Oracle has released security patches to address this vulnerability. Users should upgrade to VirtualBox versions 5.2.40, 6.0.20, or 6.1.6 or later. The patches were released as part of Oracle's April 2020 Critical Patch Update (Oracle Advisory, OpenSUSE Advisory).