CVE-2014-6588

Current Description

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.

Referenced by CVEs:CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, CVE-2015-0427

Basic Data

PublishedJanuary 21, 2015
Last ModifiedOctober 30, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-noinfo
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:S/C:N/I:P/A:P
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score3.2
SeverityLOW
Exploitability Score3.1
Impact Score4.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSOpensuseOpensuse13.1*******
    2.3OSOpensuseOpensuse13.2*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOracleVm Virtualbox********4.3.18

Vulnerable Software List

VendorProductVersions
Opensuse Opensuse 13.1, 13.2
Oracle Vm Virtualbox *

References

NameSourceURLTags
openSUSE-SU-2015:0229http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.htmlSUSE
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlCONFIRMVendor Advisory
GLSA-201612-27https://security.gentoo.org/glsa/201612-27GENTOO