CVE-2021-35538

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-35538
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability does not apply to Windows systems. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://security.gentoo.org/glsa/202208-36 Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*
History

22 Sep 2022, 20:54

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202208-36 - (GENTOO) https://security.gentoo.org/glsa/202208-36 - Third Party Advisory

01 Sep 2022, 03:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202208-36 -

26 Oct 2021, 13:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8 		v2 : 4.6
v3 : 7.8
CPE cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Vendor Advisory

20 Oct 2021, 11:53

Type Values Removed Values Added
New CVE
Information

Published : 2021-10-20 11:16

Updated : 2023-12-10 14:09

NVD link : CVE-2021-35538

Mitre link : CVE-2021-35538

CVE.ORG link : CVE-2021-35538

JSON object : View

Products Affected

linux

  • linux_kernel

oracle

  • solaris
  • vm_virtualbox

apple

  • macos
CWE
NVD-CWE-noinfo