{"id":"UBUNTU-CVE-2023-21998","details":"Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).  Supported versions that are affected are Prior to 6.1.44 and  Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.  While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as  unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N).","modified":"2026-03-24T11:14:05.637349Z","published":"2023-04-18T20:15:00Z","upstream":["CVE-2023-21998"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-21998"},{"type":"REPORT","url":"https://www.oracle.com/security-alerts/cpuapr2023.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2023-21998"}],"affected":[{"package":{"name":"virtualbox","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@5.1.38-dfsg-0ubuntu1.16.04.3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.0.4-dfsg-2","5.0.8-dfsg-1","5.0.10-dfsg-1","5.0.10-dfsg-2","5.0.10-dfsg-3","5.0.10-dfsg-4","5.0.10-dfsg-5","5.0.10-dfsg-6","5.0.10-dfsg-7","5.0.12-dfsg-1","5.0.12-dfsg-2","5.0.14-dfsg-1","5.0.14-dfsg-2","5.0.14-dfsg-2build1","5.0.16-dfsg-2","5.0.16-dfsg-3","5.0.18-dfsg-1","5.0.18-dfsg-1ubuntu1","5.0.18-dfsg-2","5.0.18-dfsg-2build1","5.0.18-dfsg-2ubuntu1","5.0.24-dfsg-0ubuntu1.16.04.1","5.0.32-dfsg-0ubuntu1.16.04.2","5.0.36-dfsg-0ubuntu1.16.04.2","5.0.40-dfsg-0ubuntu1.16.04.1","5.0.40-dfsg-0ubuntu1.16.04.2","5.1.34-dfsg-0ubuntu1.16.04.2","5.1.38-dfsg-0ubuntu1.16.04.1","5.1.38-dfsg-0ubuntu1.16.04.2","5.1.38-dfsg-0ubuntu1.16.04.3"],"ecosystem_specific":{"binaries":[{"binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3","binary_name":"virtualbox"},{"binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3","binary_name":"virtualbox-dkms"},{"binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3","binary_name":"virtualbox-guest-dkms"},{"binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3","binary_name":"virtualbox-guest-source"},{"binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3","binary_name":"virtualbox-guest-utils"},{"binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3","binary_name":"virtualbox-guest-x11"},{"binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3","binary_name":"virtualbox-qt"},{"binary_version":"5.1.38-dfsg-0ubuntu1.16.04.3","binary_name":"virtualbox-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-21998.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@5.2.42-dfsg-0~ubuntu1.18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.1.30-dfsg-1","5.2.0-dfsg-1build2","5.2.0-dfsg-2","5.2.0-dfsg-4","5.2.0-dfsg-5","5.2.2-dfsg-2","5.2.2-dfsg-3~build1","5.2.2-dfsg-3","5.2.4-dfsg-1","5.2.4-dfsg-2","5.2.6-dfsg-1","5.2.6-dfsg-2","5.2.6-dfsg-3","5.2.6-dfsg-3build1","5.2.6-dfsg-5","5.2.8-dfsg-2","5.2.8-dfsg-3","5.2.8-dfsg-5","5.2.8-dfsg-6","5.2.8-dfsg-7","5.2.10-dfsg-1","5.2.10-dfsg-2","5.2.10-dfsg-5","5.2.10-dfsg-6","5.2.10-dfsg-6ubuntu18.04.1","5.2.18-dfsg-2~ubuntu18.04.1","5.2.18-dfsg-2~ubuntu18.04.3","5.2.18-dfsg-2~ubuntu18.04.5","5.2.32-dfsg-0~ubuntu18.04.1","5.2.34-dfsg-0~ubuntu18.04.1","5.2.42-dfsg-0~ubuntu1.18.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1","binary_name":"virtualbox"},{"binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1","binary_name":"virtualbox-dkms"},{"binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1","binary_name":"virtualbox-guest-dkms"},{"binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1","binary_name":"virtualbox-guest-source"},{"binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1","binary_name":"virtualbox-guest-utils"},{"binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1","binary_name":"virtualbox-guest-x11"},{"binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1","binary_name":"virtualbox-qt"},{"binary_version":"5.2.42-dfsg-0~ubuntu1.18.04.1","binary_name":"virtualbox-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-21998.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@6.1.50-dfsg-1~ubuntu1.20.04.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.0.14-dfsg-1","6.0.14-dfsg-2~build1","6.0.14-dfsg-2","6.1.0-dfsg-3build1","6.1.0-dfsg-3build2","6.1.2-dfsg-1","6.1.2-dfsg-1build1","6.1.4-dfsg-1","6.1.4-dfsg-2~build1","6.1.4-dfsg-2","6.1.4-dfsg-4","6.1.6-dfsg-1","6.1.10-dfsg-1~ubuntu1.20.04.1","6.1.16-dfsg-6~ubuntu1.20.04.1","6.1.16-dfsg-6~ubuntu1.20.04.2","6.1.22-dfsg-2~ubuntu1.20.04.1","6.1.26-dfsg-3~ubuntu1.20.04.1","6.1.26-dfsg-3~ubuntu1.20.04.2","6.1.32-dfsg-1~ubuntu1.20.04.1","6.1.34-dfsg-3~ubuntu1.20.04.1","6.1.38-dfsg-3~ubuntu1.20.04.1","6.1.48-dfsg-1~ubuntu1.20.04.1","6.1.50-dfsg-1~ubuntu1.20.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1","binary_name":"virtualbox"},{"binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1","binary_name":"virtualbox-dkms"},{"binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1","binary_name":"virtualbox-guest-dkms"},{"binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1","binary_name":"virtualbox-guest-source"},{"binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1","binary_name":"virtualbox-guest-utils"},{"binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1","binary_name":"virtualbox-guest-x11"},{"binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1","binary_name":"virtualbox-qt"},{"binary_version":"6.1.50-dfsg-1~ubuntu1.20.04.1","binary_name":"virtualbox-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-21998.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@6.1.50-dfsg-1~ubuntu1.22.04.3?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.1.26-dfsg-4","6.1.28-dfsg-1","6.1.30-dfsg-1","6.1.32-dfsg-1","6.1.32-dfsg-1build1","6.1.34-dfsg-3~ubuntu1.22.04.1","6.1.38-dfsg-3~ubuntu1.22.04.1","6.1.48-dfsg-1~ubuntu1.22.04.1","6.1.50-dfsg-1~ubuntu1.22.04.1","6.1.50-dfsg-1~ubuntu1.22.04.3"],"ecosystem_specific":{"binaries":[{"binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3","binary_name":"virtualbox"},{"binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3","binary_name":"virtualbox-dkms"},{"binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3","binary_name":"virtualbox-guest-utils"},{"binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3","binary_name":"virtualbox-guest-x11"},{"binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3","binary_name":"virtualbox-qt"},{"binary_version":"6.1.50-dfsg-1~ubuntu1.22.04.3","binary_name":"virtualbox-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-21998.json"}},{"package":{"name":"virtualbox","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/virtualbox@7.0.16-dfsg-2ubuntu1.3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.0.10-dfsg-3","7.0.12-dfsg-1","7.0.12-dfsg-1build1","7.0.14-dfsg-1","7.0.14-dfsg-2","7.0.14-dfsg-4","7.0.14-dfsg-4build4","7.0.14-dfsg-4build5","7.0.16-dfsg-1","7.0.16-dfsg-2","7.0.16-dfsg-2ubuntu1","7.0.16-dfsg-2ubuntu1.1","7.0.16-dfsg-2ubuntu1.3"],"ecosystem_specific":{"binaries":[{"binary_version":"7.0.16-dfsg-2ubuntu1.3","binary_name":"virtualbox"},{"binary_version":"7.0.16-dfsg-2ubuntu1.3","binary_name":"virtualbox-dkms"},{"binary_version":"7.0.16-dfsg-2ubuntu1.3","binary_name":"virtualbox-guest-utils"},{"binary_version":"7.0.16-dfsg-2ubuntu1.3","binary_name":"virtualbox-guest-x11"},{"binary_version":"7.0.16-dfsg-2ubuntu1.3","binary_name":"virtualbox-qt"},{"binary_version":"7.0.16-dfsg-2ubuntu1.3","binary_name":"virtualbox-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-21998.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}