Use of Uninitialized Variable in Oracle VM VirtualBox - CVE-2020-2575
Published: May 4, 2020
Vulnerability identifier: #VU27493
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-2575
CWE-ID: CWE-457
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Oracle VM VirtualBox
Oracle VM VirtualBox
Detailed vulnerability description
The vulnerabilities allows a local user to escalate privileges on the target system.
The vulnerability exists within the processing of data sent to OHCI endpoints due to the lack of proper initialization of memory prior to accessing it. A local user can gain elevated privileges on the target system and execute arbitrary code.
How to mitigate CVE-2020-2575
Install updates from vendor's website.