{"id":"UBUNTU-CVE-2023-21987","details":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.44 and  Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).","modified":"2026-03-24T11:13:30.861585Z","published":"2023-04-18T20:15:00Z","upstream":["CVE-2023-21987"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-21987"},{"type":"REPORT","url":"https://www.oracle.com/security-alerts/cpuapr2023.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2023-21987"}],"affected":[{"package":{"name":"virtualbox","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@5.1.38-dfsg-0ubuntu1.16.04.3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.0.4-dfsg-2","5.0.8-dfsg-1","5.0.10-dfsg-1","5.0.10-dfsg-2","5.0.10-dfsg-3","5.0.10-dfsg-4","5.0.10-dfsg-5","5.0.10-dfsg-6","5.0.10-dfsg-7","5.0.12-dfsg-1","5.0.12-dfsg-2","5.0.14-dfsg-1","5.0.14-dfsg-2","5.0.14-dfsg-2build1","5.0.16-dfsg-2","5.0.16-dfsg-3","5.0.18-dfsg-1","5.0.18-dfsg-1ubuntu1","5.0.18-dfsg-2","5.0.18-dfsg-2build1","5.0.18-dfsg-2ubuntu1","5.0.24-dfsg-0ubuntu1.16.04.1","5.0.32-dfsg-0ubuntu1.16.04.2","5.0.36-dfsg-0ubuntu1.16.04.2","5.0.40-dfsg-0ubuntu1.16.04.1","5.0.40-dfsg-0ubuntu1.16.04.2","5.1.34-dfsg-0ubuntu1.16.04.2","5.1.38-dfsg-0ubuntu1.16.04.1","5.1.38-dfsg-0ubuntu1.16.04.2","5.1.38-dfsg-0ubuntu1.16.04.3"],"ecosystem_specific":{"binaries":[{"binary_name":"virtualbox","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-dkms","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-guest-dkms","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-guest-source","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-guest-utils","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-guest-x11","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-qt","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"},{"binary_name":"virtualbox-source","binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-21987.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@5.2.42-dfsg-0~ubuntu1.18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.1.30-dfsg-1","5.2.0-dfsg-1build2","5.2.0-dfsg-2","5.2.0-dfsg-4","5.2.0-dfsg-5","5.2.2-dfsg-2","5.2.2-dfsg-3~build1","5.2.2-dfsg-3","5.2.4-dfsg-1","5.2.4-dfsg-2","5.2.6-dfsg-1","5.2.6-dfsg-2","5.2.6-dfsg-3","5.2.6-dfsg-3build1","5.2.6-dfsg-5","5.2.8-dfsg-2","5.2.8-dfsg-3","5.2.8-dfsg-5","5.2.8-dfsg-6","5.2.8-dfsg-7","5.2.10-dfsg-1","5.2.10-dfsg-2","5.2.10-dfsg-5","5.2.10-dfsg-6","5.2.10-dfsg-6ubuntu18.04.1","5.2.18-dfsg-2~ubuntu18.04.1","5.2.18-dfsg-2~ubuntu18.04.3","5.2.18-dfsg-2~ubuntu18.04.5","5.2.32-dfsg-0~ubuntu18.04.1","5.2.34-dfsg-0~ubuntu18.04.1","5.2.42-dfsg-0~ubuntu1.18.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"virtualbox","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-dkms","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-guest-dkms","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-guest-source","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-guest-utils","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-guest-x11","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-qt","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"},{"binary_name":"virtualbox-source","binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-21987.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@6.1.50-dfsg-1~ubuntu1.20.04.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.0.14-dfsg-1","6.0.14-dfsg-2~build1","6.0.14-dfsg-2","6.1.0-dfsg-3build1","6.1.0-dfsg-3build2","6.1.2-dfsg-1","6.1.2-dfsg-1build1","6.1.4-dfsg-1","6.1.4-dfsg-2~build1","6.1.4-dfsg-2","6.1.4-dfsg-4","6.1.6-dfsg-1","6.1.10-dfsg-1~ubuntu1.20.04.1","6.1.16-dfsg-6~ubuntu1.20.04.1","6.1.16-dfsg-6~ubuntu1.20.04.2","6.1.22-dfsg-2~ubuntu1.20.04.1","6.1.26-dfsg-3~ubuntu1.20.04.1","6.1.26-dfsg-3~ubuntu1.20.04.2","6.1.32-dfsg-1~ubuntu1.20.04.1","6.1.34-dfsg-3~ubuntu1.20.04.1","6.1.38-dfsg-3~ubuntu1.20.04.1","6.1.48-dfsg-1~ubuntu1.20.04.1","6.1.50-dfsg-1~ubuntu1.20.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"virtualbox","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-dkms","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-guest-dkms","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-guest-source","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-guest-utils","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-guest-x11","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-qt","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"},{"binary_name":"virtualbox-source","binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-21987.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@6.1.50-dfsg-1~ubuntu1.22.04.3?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.1.26-dfsg-4","6.1.28-dfsg-1","6.1.30-dfsg-1","6.1.32-dfsg-1","6.1.32-dfsg-1build1","6.1.34-dfsg-3~ubuntu1.22.04.1","6.1.38-dfsg-3~ubuntu1.22.04.1","6.1.48-dfsg-1~ubuntu1.22.04.1","6.1.50-dfsg-1~ubuntu1.22.04.1","6.1.50-dfsg-1~ubuntu1.22.04.3"],"ecosystem_specific":{"binaries":[{"binary_name":"virtualbox","binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3"},{"binary_name":"virtualbox-dkms","binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3"},{"binary_name":"virtualbox-guest-utils","binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3"},{"binary_name":"virtualbox-guest-x11","binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3"},{"binary_name":"virtualbox-qt","binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3"},{"binary_name":"virtualbox-source","binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-21987.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@7.0.16-dfsg-2ubuntu1.3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.0.10-dfsg-3","7.0.12-dfsg-1","7.0.12-dfsg-1build1","7.0.14-dfsg-1","7.0.14-dfsg-2","7.0.14-dfsg-4","7.0.14-dfsg-4build4","7.0.14-dfsg-4build5","7.0.16-dfsg-1","7.0.16-dfsg-2","7.0.16-dfsg-2ubuntu1","7.0.16-dfsg-2ubuntu1.1","7.0.16-dfsg-2ubuntu1.3"],"ecosystem_specific":{"binaries":[{"binary_name":"virtualbox","binary_version":"7.0.16-dfsg-2ubuntu1.3"},{"binary_name":"virtualbox-dkms","binary_version":"7.0.16-dfsg-2ubuntu1.3"},{"binary_name":"virtualbox-guest-utils","binary_version":"7.0.16-dfsg-2ubuntu1.3"},{"binary_name":"virtualbox-guest-x11","binary_version":"7.0.16-dfsg-2ubuntu1.3"},{"binary_name":"virtualbox-qt","binary_version":"7.0.16-dfsg-2ubuntu1.3"},{"binary_name":"virtualbox-source","binary_version":"7.0.16-dfsg-2ubuntu1.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-21987.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}