Arch Linux update for virtualbox
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2021-2073 CVE-2021-2074 CVE-2021-2086 CVE-2021-2111 CVE-2021-2112 CVE-2021-2119 CVE-2021-2120 CVE-2021-2121 CVE-2021-2123 CVE-2021-2124 CVE-2021-2125 CVE-2021-2126 CVE-2021-2127 CVE-2021-2128 CVE-2021-2129 CVE-2021-2130 CVE-2021-2131 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #6 is available. |
| Vulnerable software Subscribe |
Arch Linux Operating systems & Components / Operating system |
| Vendor | Arch Linux |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU49875
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2073
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Improper input validation
EUVDB-ID: #VU49862
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2074
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Improper input validation
EUVDB-ID: #VU49865
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2086
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Improper input validation
EUVDB-ID: #VU49866
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2111
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Improper input validation
EUVDB-ID: #VU49867
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2112
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) Improper input validation
EUVDB-ID: #VU49870
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2119
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Improper input validation
EUVDB-ID: #VU49871
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) Improper input validation
EUVDB-ID: #VU49868
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2121
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) Improper input validation
EUVDB-ID: #VU49878
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2123
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Improper input validation
EUVDB-ID: #VU49869
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2124
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to a crash the entire system.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to a crash the entire system.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
11) Improper input validation
EUVDB-ID: #VU49874
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2125
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to read and manipulate data.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
12) Improper input validation
EUVDB-ID: #VU49872
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2126
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to manipulate data.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
13) Improper input validation
EUVDB-ID: #VU49876
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2127
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
14) Improper input validation
EUVDB-ID: #VU49864
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2128
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
15) Improper input validation
EUVDB-ID: #VU49863
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2129
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to read and manipulate data.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
16) Improper input validation
EUVDB-ID: #VU49877
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2130
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
17) Improper input validation
EUVDB-ID: #VU49873
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-2131
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to manipulate data.
MitigationUpdate the affected package virtualbox to version 6.1.18-1.
Vulnerable software versionsArch Linux: All versions
CPE2.3 External links
http://security.archlinux.org/advisory/ASA-202101-37
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
