CVE-2019-3005
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A high-privileged attacker with local access can cause a denial of service in Oracle VM VirtualBox versions prior to 5.2.34 and 6.0.14.
Vulnerability
This vulnerability exists in the Core component of Oracle VM VirtualBox, affecting versions prior to 5.2.34 and prior to 6.0.14 [1]. The bug lies within an unspecified core function that can be triggered by a high-privileged attacker who has logged on to the operating system where VirtualBox is installed.
Exploitation
An attacker must have high privileges (e.g., root or Administrator) on the host system and must be able to log on locally to the environment where VirtualBox runs. No user interaction or complex timing is required [1]. The attacker can then exploit the vulnerability through the VirtualBox core component, likely by invoking a specific operation that triggers the flaw.
Impact
Successful exploitation results in a denial of service (DoS) causing a hang or frequently repeatable crash of VirtualBox, making it unavailable [1]. The impact extends beyond VirtualBox itself, potentially affecting other products or services relying on the vulnerable host, as indicated by the CVSS scope change (S:C) [description].
Mitigation
Oracle released fixed versions: VirtualBox 5.2.34 and 6.0.14 [description]. Gentoo advisories recommend upgrading to the latest available versions for each branch (e.g., 5.2.36, 6.0.16, 6.1.2 or later) [1][2]. No workaround is known [1]. Users should apply the update as soon as possible.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <5.2.34, <6.0.14
- Range: unspecified
Patches
No patches discovered yet.
References
- security.gentoo.org/glsa/202004-02 (mitre, vendor-advisory, x_refsource_GENTOO)
- security.gentoo.org/glsa/202101-09 (mitre, vendor-advisory, x_refsource_GENTOO)
- www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (mitre, x_refsource_MISC)