CVE-2016-3710

high

Description

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

References

https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862

https://access.redhat.com/errata/RHSA-2016:1224

http://xenbits.xen.org/xsa/advisory-179.html

http://www.ubuntu.com/usn/USN-2974-1

http://www.securitytracker.com/id/1035794

http://www.securityfocus.com/bid/90316

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.openwall.com/lists/oss-security/2016/05/09/3

http://www.debian.org/security/2016/dsa-3573

http://support.citrix.com/article/CTX212736

http://rhn.redhat.com/errata/RHSA-2016-1943.html

http://rhn.redhat.com/errata/RHSA-2016-1019.html

http://rhn.redhat.com/errata/RHSA-2016-1002.html

http://rhn.redhat.com/errata/RHSA-2016-1001.html

http://rhn.redhat.com/errata/RHSA-2016-1000.html

http://rhn.redhat.com/errata/RHSA-2016-0999.html

http://rhn.redhat.com/errata/RHSA-2016-0997.html

http://rhn.redhat.com/errata/RHSA-2016-0725.html

http://rhn.redhat.com/errata/RHSA-2016-0724.html

Details

Source: Mitre, NVD

Published: 2016-05-11

Updated: 2021-08-04

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: High