CVE-2021-2111
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A high-privileged attacker can cause a denial-of-service (hang/crash) of Oracle VM VirtualBox versions prior to 6.1.18 via an easily exploitable vulnerability in the Core component.
Vulnerability
An easily exploitable vulnerability exists in the Core component of Oracle VM VirtualBox versions prior to 6.1.18 [1]. It requires a high-privileged attacker with logon to the infrastructure where VirtualBox executes. The specific code path is triggered by an attacker with elevated privileges within the host environment, affecting the stability of the virtualization software.
Exploitation
To exploit this vulnerability, an attacker must have a high level of privilege (administrator or root equivalent) on the host system where VirtualBox is installed. The attacker must also have logon access to that host. No user interaction is required. The attacker then leverages this position to perform actions that lead to the hang or crash of the VirtualBox process via the vulnerable component.
Impact
Successful exploitation results in a denial-of-service (DoS) condition, manifesting as a system hang or frequent, repeatable crash of Oracle VM VirtualBox. This causes a complete loss of availability for the virtualization service, impacting not only the host VM manager but potentially other products that depend on it, as indicated by the CVSS scope change (S:C). There is no impact to confidentiality or integrity.
Mitigation
The vulnerability is fixed in Oracle VM VirtualBox version 6.1.18 and later [1]. The Gentoo security advisory recommends upgrading all VirtualBox users to version 6.1.18 or higher [1]. There is no known workaround for this issue [1]. Users should apply the latest updates from their vendor.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <6.1.18
- Range: unspecified
Patches
No patches discovered yet.
References
- security.gentoo.org/glsa/202101-15 (mitre, vendor-advisory, x_refsource_GENTOO)
- www.oracle.com/security-alerts/cpujan2021.html (mitre, x_refsource_MISC)