CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

CVSS v3 8.8 HIGH
CVSS v2.0 7.2 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2016-0724.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0725.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0997.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0999.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1000.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1001.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1002.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1019.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1943.html	Third Party Advisory
http://support.citrix.com/article/CTX212736	Third Party Advisory
http://www.debian.org/security/2016/dsa-3573	Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/05/09/3	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Third Party Advisory
http://www.securityfocus.com/bid/90316	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1035794	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2974-1	Third Party Advisory
http://xenbits.xen.org/xsa/advisory-179.html	Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1224	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862	Third Party Advisory Vendor Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html	Mailing List Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:hp:helion_openstack:2.0.0:::::::*
	cpe:2.3:a:hp:helion_openstack:2.1.0:::::::*
	cpe:2.3:a:hp:helion_openstack:2.1.2:::::::*
	cpe:2.3:a:hp:helion_openstack:2.1.4:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

Configuration 4 (hide)

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:a:qemu:qemu:2.6.0:rc0::::::
	cpe:2.3:a:qemu:qemu:2.6.0:rc1::::::
	cpe:2.3:a:qemu:qemu:2.6.0:rc2::::::
	cpe:2.3:a:qemu:qemu:2.6.0:rc3::::::
	cpe:2.3:a:qemu:qemu:2.6.0:rc4::::::

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:vm_server:3.2::::::x86:
	cpe:2.3:a:oracle:vm_server:3.3::::::x86:
	cpe:2.3:a:oracle:vm_server:3.4::::::x86:
	cpe:2.3:o:oracle:linux:5:-::::::
	cpe:2.3:o:oracle:linux:6:-::::::
	cpe:2.3:o:oracle:linux:7:-::::::

Configuration 6 (hide)

cpe:2.3:a:citrix:xenserver:*:*:*:*:*:*:*:*

Configuration 7 (hide)

OR	cpe:2.3:a:redhat:openstack:5.0:::::::*
	cpe:2.3:a:redhat:openstack:6.0:::::::*
	cpe:2.3:a:redhat:openstack:7.0:::::::*
	cpe:2.3:a:redhat:openstack:8:::::::*
	cpe:2.3:a:redhat:virtualization:3.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

04 Aug 2021, 17:15

Type	Values Removed	Values Added
CPE	cpe:2.3:a:redhat:openstack:8.0:::::::*	cpe:2.3:a:redhat:openstack:8:::::::*

Information

Published : 2016-05-11 21:59

Updated : 2023-12-10 11:46

NVD link : CVE-2016-3710

Mitre link : CVE-2016-3710

CVE.ORG link : CVE-2016-3710

JSON object : View

Products Affected

debian

debian_linux

redhat

enterprise_linux_server_aus
enterprise_linux_server_eus
openstack
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_server_tus
enterprise_linux_workstation
virtualization

qemu

qemu

helion_openstack

oracle

linux
vm_server

citrix

xenserver

canonical

ubuntu_linux

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

8.8 /10