CVE-2018-2860
Description
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A high-privileged attacker with local access can exploit Oracle VM VirtualBox Core to achieve full takeover. Affected versions are those prior to 5.1.36 and 5.2.10.
Vulnerability
The vulnerability resides in the Core component of Oracle VM VirtualBox. Affected versions are prior to 5.1.36 and 5.2.10 [1]. It is easily exploitable and requires an attacker with high privileges and logon to the infrastructure where VirtualBox executes.
Exploitation
An attacker with high privileges and local access can exploit this vulnerability without user interaction. The attack complexity is low, and no authentication beyond the initial high-privileged session is needed.
Impact
Successful exploitation results in a full takeover of Oracle VM VirtualBox, leading to high impacts on confidentiality, integrity, and availability. The attack may also significantly affect additional products due to the scope change (CVSS 8.2).
Mitigation
Oracle has released fixed versions: upgrade to 5.1.36 or later (for the 5.1.x branch) or 5.2.10 or later (for the 5.2.x branch). The Gentoo security advisory [1] recommends upgrading to >=app-emulation/virtualbox-5.1.36 or the binary equivalent. No workaround is known.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <5.1.36, <5.2.10
- Range: unspecified
Patches
No patches discovered yet.
References
- security.gentoo.org/glsa/201805-08 (mitre, vendor-advisory, x_refsource_GENTOO)
- www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html (mitre, x_refsource_CONFIRM)
- www.securityfocus.com/bid/103860 (mitre, vdb-entry, x_refsource_BID)
- www.securitytracker.com/id/1040707 (mitre, vdb-entry, x_refsource_SECTRACK)