Use of Uninitialized Variable in Oracle VM VirtualBox - CVE-2020-2575

 

Use of Uninitialized Variable in Oracle VM VirtualBox - CVE-2020-2575

Published: May 4, 2020


Vulnerability identifier: #VU27493
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-2575
CWE-ID: CWE-457
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Oracle
Affected software:
Oracle VM VirtualBox

Detailed vulnerability description

The vulnerabilities allows a local user to escalate privileges on the target system.

The vulnerability exists within the processing of data sent to OHCI endpoints due to the lack of proper initialization of memory prior to accessing it. A local user can gain elevated privileges on the target system and execute arbitrary code.


How to mitigate CVE-2020-2575

Install updates from vendor's website.

Sources