Russian vulnerability researcher and exploit developer has published detailed information about a zero-day vulnerability in VirtualBox. Sergey Zelenyuk found that the security bug can be leveraged on virtual machines with Intel PRO/1000 MT Desktop (82540EM) network adapter in Network Address Translation (NAT) mode. Exploiting the vulnerability allows an attacker to escape the virtual environment of the guest machine and reach the Ring 3 privilege layer, used for running code from most user programs, with the least privileges. He tested his work on Ubuntu 16-04 and 18-04, both 86- and 64-bit with default configuration.
Source: https://www.bleepingcomputer.com/news/security/virtualbox-zero-day-vulnerability-details-and-exploit-are-publicly-available/