Unrated severityNVD Advisory· Published Jan 20, 2021· Updated Sep 26, 2024

CVE-2021-2127

Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A high-privileged attacker can cause a denial of service in Oracle VM VirtualBox prior to 6.1.18 by exploiting a vulnerability in the Core component.

Vulnerability

The vulnerability resides in the Core component of Oracle VM VirtualBox. It affects versions prior to 6.1.18. The exact nature of the bug is not detailed in the available references, but it is classified as easily exploitable under specific conditions [1].

Exploitation

An attacker must have high privileges and be able to log on to the system where Oracle VM VirtualBox is running. No user interaction is required beyond the attacker's own actions. The attacker can then trigger the vulnerability to cause a hang or crash.

Impact

Successful exploitation results in a denial of service (DoS) condition, causing VirtualBox to hang or repeatedly crash, thereby affecting availability. No impact on confidentiality or integrity is reported.

Mitigation

Oracle has addressed this vulnerability in VirtualBox version 6.1.18. Users should upgrade to this version or later. The Gentoo security advisory [1] confirms that no workaround is available and recommends updating to the fixed version.

References

Multiple vulnerabilities (GLSA 202101-15) — Gentoo security

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Oracle Corporation/Oracle VM VirtualBoxllm-fuzzy
Range: <6.1.18
Oracle Corporation/Vm Virtualboxcpe-rescue
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202101-15mitrevendor-advisoryx_refsource_GENTOO
www.oracle.com/security-alerts/cpujan2021.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000