CVE-2020-2951: 
VirtualBox vulnerability analysis and mitigation

CVE-2020-2951 is a vulnerability in Oracle VM VirtualBox's Core component affecting versions prior to 5.2.40, prior to 6.0.20, and prior to 6.1.6. The vulnerability was discovered and disclosed as part of Oracle's April 2020 Critical Patch Update (Oracle CPU). It is an easily exploitable vulnerability that allows low-privileged attackers with logon access to the infrastructure where Oracle VM VirtualBox executes to compromise the system.

The vulnerability has been assigned a CVSS 3.0 Base Score of 6.5 (Availability impacts) with the following vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. The vulnerability exists in the Core component of Oracle VM VirtualBox and requires local access with low privileges to exploit (Oracle CPU).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (NVD).

Oracle has released patches to address this vulnerability in VirtualBox versions 5.2.40, 6.0.20, and 6.1.6. Users are advised to upgrade to these or later versions. Various Linux distributions have also released security updates, including openSUSE Leap 15.1 which provided fixes through the package virtualbox-6.0.22 (OpenSUSE).