CVE-2021-2121Access of Uninitialized Pointer in Corporation VM Virtualbox

CWE-824Access of Uninitialized Pointer8 documents7 sources
Severity
6.0MEDIUMNVD
EPSS
0.2%
top 62.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation VM VirtualboxOracle VM Virtualbox
Timeline
PublishedJan 20
Latest updateSep 16

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized abi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages2 packages

NVDoracle/vm_virtualbox< 6.1.18
CVEListV5oracle_corporation/vm_virtualboxunspecified6.1.18

🔴Vulnerability Details

4
OSV
dcmtk vulnerabilities2024-09-17
GHSA
GHSA-8g3p-9292-vwfx: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)2022-05-24
CVEList
CVE-2021-2121: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)2021-01-20
OSV
CVE-2021-2121: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)2021-01-20

📋Vendor Advisories

3
Red Hat
kernel: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue2025-09-16
Oracle
Oracle Oracle Virtualization Risk Matrix: Core — CVE-2021-21212021-01-15
Debian
CVE-2021-2121: virtualbox - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp...2021
CVE-2021-2121 — Access of Uninitialized Pointer | cvebase