CVE-2018-3295

HIGH

Oracle VM VirtualBox <5.2.20 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-3295. PoCs published by jeongzero8732, ndureiss.

AI-analyzed exploit summary This is a Linux kernel module exploit for CVE-2018-3295, targeting a heap overflow vulnerability in VirtualBox's e1000 network driver emulation. It bypasses ASLR and NX to achieve arbitrary code execution in the host kernel from a guest VM.

Description

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Exploits (2)

nomisec WORKING POC

by jeongzero8732 · poc

https://github.com/jeongzero8732/cve-2018-3295

View Code ZIP pw:eip

This is a Linux kernel module exploit for CVE-2018-3295, targeting a heap overflow vulnerability in VirtualBox's e1000 network driver emulation. It bypasses ASLR and NX to achieve arbitrary code execution in the host kernel from a guest VM.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: VirtualBox (e1000 emulation)

No auth needed

Prerequisites: Guest VM with VirtualBox e1000 network adapter · Ability to load kernel modules in guest

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by ndureiss · poc

https://github.com/ndureiss/e1000_vulnerability_exploit

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2018-3295, targeting a heap overflow vulnerability in the VirtualBox e1000 network device emulation. The exploit includes a malicious kernel module to trigger the vulnerability and achieve arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: VirtualBox (e1000 network device emulation)

No auth needed

Prerequisites: Access to a VirtualBox VM with e1000 network device · Ability to load a kernel module in the guest OS

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041887

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105619

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html

Scores

CVSS v3 8.6

EPSS 0.0171

EPSS Percentile 74.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (1)

oracle/vm_virtualbox < 5.2.20

Published Oct 17, 2018

Tracked Since Feb 18, 2026