Lucene search

[email protected]CVE-2016-3710

HistoryMay 11, 2016 - 9:59 p.m.

CVE-2016-3710

2016-05-1121:59:01

CWE-119

[email protected]

web.nvd.nist.gov

qemu

vga module

local access

arbitrary code execution

bounds checking

security vulnerability

nvd

cve-2016-3710

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the “Dark Portal” issue.

Affected configurations

NVD

Node

debiandebian_linuxMatch8.0

Node

hphelion_openstackMatch2.0.0

hphelion_openstackMatch2.1.0

hphelion_openstackMatch2.1.2

hphelion_openstackMatch2.1.4

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.10

canonicalubuntu_linuxMatch16.04lts

Node

qemuqemuRange≤2.5.1

qemuqemuMatch2.6.0rc0

qemuqemuMatch2.6.0rc1

qemuqemuMatch2.6.0rc2

qemuqemuMatch2.6.0rc3

qemuqemuMatch2.6.0rc4

Node

oraclevm_serverMatch3.2x86

oraclevm_serverMatch3.3x86

oraclevm_serverMatch3.4x86

oraclelinuxMatch5-

oraclelinuxMatch6-

oraclelinuxMatch7-

Node

citrixxenserverRange≤7.0

Node

redhatopenstackMatch5.0

redhatopenstackMatch6.0

redhatopenstackMatch7.0

redhatopenstackMatch8

redhatvirtualizationMatch3.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.2

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_eusMatch7.2

redhatenterprise_linux_server_eusMatch7.3

redhatenterprise_linux_server_eusMatch7.4

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_server_eusMatch7.7

redhatenterprise_linux_server_tusMatch7.2

redhatenterprise_linux_server_tusMatch7.3

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

CPENameOperatorVersion
debian:debian_linuxdebian debian linuxeq8.0

CPE	Name	Operator	Version
debian:debian_linux	debian debian linux	eq	8.0

References

rhn.redhat.com/errata/RHSA-2016-0724.html

rhn.redhat.com/errata/RHSA-2016-0725.html

rhn.redhat.com/errata/RHSA-2016-0997.html

rhn.redhat.com/errata/RHSA-2016-0999.html

rhn.redhat.com/errata/RHSA-2016-1000.html

rhn.redhat.com/errata/RHSA-2016-1001.html

rhn.redhat.com/errata/RHSA-2016-1002.html

rhn.redhat.com/errata/RHSA-2016-1019.html

rhn.redhat.com/errata/RHSA-2016-1943.html

support.citrix.com/article/CTX212736

www.debian.org/security/2016/dsa-3573

www.openwall.com/lists/oss-security/2016/05/09/3

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/90316

www.securitytracker.com/id/1035794

www.ubuntu.com/usn/USN-2974-1

xenbits.xen.org/xsa/advisory-179.html

access.redhat.com/errata/RHSA-2016:1224

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862

lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html

Social References

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

Related for CVE-2016-3710

nessus43 redhat10 prion1 centos3 openvas31 veracode1 debiancve1 oraclelinux6 nvd1 ubuntucve1 cvelist1 redhatcve1 debian5 osv4 fedora5 xen1 freebsd1 ibm2 archlinux2 ubuntu1 suse12 mageia2