CVE-2016-3710
Summary
| CVE | CVE-2016-3710 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-05-11 21:59:00 UTC |
| Updated | 2021-08-04 17:15:00 UTC |
| Description | The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Application | Citrix | Xenserver | All | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Application | Hp | Helion Openstack | 2.0.0 | All | All | All |
| Application | Hp | Helion Openstack | 2.1.0 | All | All | All |
| Application | Hp | Helion Openstack | 2.1.2 | All | All | All |
| Application | Hp | Helion Openstack | 2.1.4 | All | All | All |
| Operating System | Oracle | Linux | 5 | - | All | All |
| Operating System | Oracle | Linux | 6 | - | All | All |
| Operating System | Oracle | Linux | 7 | - | All | All |
| Application | Oracle | Vm Server | 3.2 | All | All | All |
| Application | Oracle | Vm Server | 3.3 | All | All | All |
| Application | Oracle | Vm Server | 3.4 | All | All | All |
| Application | Qemu | Qemu | 2.6.0 | rc0 | All | All |
| Application | Qemu | Qemu | 2.6.0 | rc1 | All | All |
| Application | Qemu | Qemu | 2.6.0 | rc2 | All | All |
| Application | Qemu | Qemu | 2.6.0 | rc3 | All | All |
| Application | Qemu | Qemu | 2.6.0 | rc4 | All | All |
| Application | Qemu | Qemu | All | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Application | Redhat | Openstack | 5.0 | All | All | All |
| Application | Redhat | Openstack | 6.0 | All | All | All |
| Application | Redhat | Openstack | 7.0 | All | All | All |
| Application | Redhat | Openstack | 8 | All | All | All |
| Application | Redhat | Openstack | 8.0 | All | All | All |
| Application | Redhat | Virtualization | 3.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Xen Qemu VGA Module Bugs Let Local Users on the Guest Deny Service on the Guest or Gain Elevated Privileges on the Host System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [Qemu-devel] [PULL 1/5] vga: fix banked access bounds checking (CVE-2016 | MLIST | lists.gnu.org | Mailing List, Patch, Third Party Advisory |
| Oracle Linux Bulletin - October 2016 | CONFIRM | www.oracle.com | Third Party Advisory |
| QEMU CVE-2016-3710 Remote Code Execution Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Oracle Linux Bulletin - April 2016 | CONFIRM | www.oracle.com | Third Party Advisory |
| Oracle VM Server for x86 Bulletin - July 2016 | CONFIRM | www.oracle.com | Third Party Advisory |
| oss-security - CVE-2016-3710 Qemu: vga: out-of-bounds r/w access issue | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| XSA-179 - Xen Security Advisories | CONFIRM | xenbits.xen.org | Third Party Advisory |
| Debian -- Security Information -- DSA-3573-1 qemu | DEBIAN | www.debian.org | Third Party Advisory |
| USN-2974-1: QEMU vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Document Display | HPE Support Center | CONFIRM | h20566.www2.hpe.com | Third Party Advisory, Vendor Advisory |
| Citrix XenServer Multiple Security Updates | CONFIRM | support.citrix.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.