Lucene search

RedhatCVE-2016-3710

HistoryMay 11, 2016 - 9:59 p.m.

CVE-2016-3710

2016-05-1121:59:01

CWE-119

redhat

web.nvd.nist.gov

101

qemu

vga module

local access

arbitrary code execution

bounds checking

security vulnerability

nvd

cve-2016-3710

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

58.4%

JSON

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the “Dark Portal” issue.

Affected configurations

Nvd

Node

debiandebian_linuxMatch8.0

Node

hphelion_openstackMatch2.0.0

hphelion_openstackMatch2.1.0

hphelion_openstackMatch2.1.2

hphelion_openstackMatch2.1.4

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.10

canonicalubuntu_linuxMatch16.04lts

Node

qemuqemuRange≤2.5.1

qemuqemuMatch2.6.0rc0

qemuqemuMatch2.6.0rc1

qemuqemuMatch2.6.0rc2

qemuqemuMatch2.6.0rc3

qemuqemuMatch2.6.0rc4

Node

oraclevm_serverMatch3.2x86

oraclevm_serverMatch3.3x86

oraclevm_serverMatch3.4x86

oraclelinuxMatch5-

oraclelinuxMatch6-

oraclelinuxMatch7-

Node

citrixxenserverRange≤7.0

Node

redhatopenstackMatch5.0

redhatopenstackMatch6.0

redhatopenstackMatch7.0

redhatopenstackMatch8

redhatvirtualizationMatch3.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.2

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_eusMatch7.2

redhatenterprise_linux_server_eusMatch7.3

redhatenterprise_linux_server_eusMatch7.4

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_server_eusMatch7.7

redhatenterprise_linux_server_tusMatch7.2

redhatenterprise_linux_server_tusMatch7.3

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

VendorProductVersionCPE
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
hphelion_openstack2.0.0cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*
hphelion_openstack2.1.0cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*
hphelion_openstack2.1.2cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*
hphelion_openstack2.1.4cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
canonicalubuntu_linux15.10cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
qemuqemu*cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
hp	helion_openstack	2.0.0	cpe:2.3:a:hp:helion_openstack:2.0.0:::::::*
hp	helion_openstack	2.1.0	cpe:2.3:a:hp:helion_openstack:2.1.0:::::::*
hp	helion_openstack	2.1.2	cpe:2.3:a:hp:helion_openstack:2.1.2:::::::*
hp	helion_openstack	2.1.4	cpe:2.3:a:hp:helion_openstack:2.1.4:::::::*
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
canonical	ubuntu_linux	15.10	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
qemu	qemu	*	cpe:2.3:a:qemu:qemu::::::::