Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2016-3710

Published: 11/05/2016 Updated: 04/08/2021
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Debian

Vulnerability Summary

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

debian debian linux 8.0

hp helion openstack 2.0.0

hp helion openstack 2.1.0

hp helion openstack 2.1.2

hp helion openstack 2.1.4

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 15.10

canonical ubuntu linux 12.04

qemu qemu

qemu qemu 2.6.0

oracle vm server 3.2

oracle vm server 3.3

oracle vm server 3.4

oracle linux 5

oracle linux 6

oracle linux 7

citrix xenserver

redhat openstack 5.0

redhat openstack 6.0

redhat openstack 7.0

redhat openstack 8

redhat virtualization 3.0

redhat enterprise linux desktop 6.0

redhat enterprise linux desktop 7.0

redhat enterprise linux server 6.0

redhat enterprise linux server 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux server aus 7.6

redhat enterprise linux server eus 7.2

redhat enterprise linux server eus 7.3

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.5

redhat enterprise linux server eus 7.6

redhat enterprise linux server eus 7.7

redhat enterprise linux server tus 7.2

redhat enterprise linux server tus 7.3

redhat enterprise linux server tus 7.6

redhat enterprise linux server tus 7.7

redhat enterprise linux workstation 6.0

redhat enterprise linux workstation 7.0

Vendor Advisories

Red Hat: Important: kvm security update
Synopsis Important: kvm security update Type/Severity Security Advisory: Important Topic An update for kvm is now available for Red Hat Enterprise Linux 5Red Hat Product Security has rated this update as having a security impact ofImportant A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities
Several security issues were fixed in QEMU ...
Debian Security Advisories: DSA-3573-1 qemu -- security update
Several vulnerabilities were discovered in qemu, a fast processor emulator CVE-2016-3710 Wei Xiao and Qinghao Tang of 360cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA module A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-2538: usb: integer overflow in remote NDIS control message handling
Debian Bug report logs - #815680 qemu: CVE-2016-2538: usb: integer overflow in remote NDIS control message handling Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 23 Feb 2016 16:54:02 UTC Severit ...
Debian CVElist Bug Report Logs: CVE-2016-2197: ide: ahci null pointer dereference when using FIS CLB engines
Debian Bug report logs - #813194 CVE-2016-2197: ide: ahci null pointer dereference when using FIS CLB engines Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Sat, 30 Jan 2016 11:30:01 UTC Severity: important T ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-4001: net: buffer overflow in stellaris_enet emulator
Debian Bug report logs - #821038 qemu: CVE-2016-4001: net: buffer overflow in stellaris_enet emulator Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 14 Apr 2016 21:18:05 UTC Severity: important T ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-2392: usb: null pointer dereference in remote NDIS control message handling
Debian Bug report logs - #815008 qemu: CVE-2016-2392: usb: null pointer dereference in remote NDIS control message handling Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 17 Feb 2016 16:42:01 UTC ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-2841: net: ne2000: infinite loop in ne2000_receive
Debian Bug report logs - #817181 qemu: CVE-2016-2841: net: ne2000: infinite loop in ne2000_receive Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 8 Mar 2016 19:18:02 UTC Severity: important Tags ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-2858: rng-random: arbitrary stack based allocation leading to corruption
Debian Bug report logs - #817183 qemu: CVE-2016-2858: rng-random: arbitrary stack based allocation leading to corruption Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 8 Mar 2016 19:21:02 UTC Se ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-2391: usb: multiple eof_timers in ohci leads to null pointer dereference
Debian Bug report logs - #815009 qemu: CVE-2016-2391: usb: multiple eof_timers in ohci leads to null pointer dereference Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 17 Feb 2016 16:42:06 UTC Se ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-4037: usb: Infinite loop vulnerability in usb_ehci using siTD process
Debian Bug report logs - #822344 qemu: CVE-2016-4037: usb: Infinite loop vulnerability in usb_ehci using siTD process Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 23 Apr 2016 17:27:01 UTC Sever ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-2857: net: out of bounds read in net_checksum_calculate
Debian Bug report logs - #817182 qemu: CVE-2016-2857: net: out of bounds read in net_checksum_calculate Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 8 Mar 2016 19:18:06 UTC Severity: important ...
Debian CVElist Bug Report Logs: CVE-2016-2198: usb: ehci null pointer dereference in ehci_caps_write
Debian Bug report logs - #813193 CVE-2016-2198: usb: ehci null pointer dereference in ehci_caps_write Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Sat, 30 Jan 2016 11:24:01 UTC Severity: important Tags: pat ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-3710 CVE-2016-3712
Debian Bug report logs - #823830 qemu: CVE-2016-3710 CVE-2016-3712 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 9 May 2016 12:27:02 UTC Severity: grave Tags: security, upstream Found in versi ...
Citrix Security Bulletins: Citrix XenServer Multiple Security Updates
Description of Problem A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of a guest VM (depending on configuration) or an attacker on the management network to compromise the host These vulnerabilities affect all currently supported versions of Citrix XenServer up to and includin ...

References

CWE-119http://www.openwall.com/lists/oss-security/2016/05/09/3https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.htmlhttp://xenbits.xen.org/xsa/advisory-179.htmlhttp://www.securitytracker.com/id/1035794http://www.debian.org/security/2016/dsa-3573https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862http://www.ubuntu.com/usn/USN-2974-1http://rhn.redhat.com/errata/RHSA-2016-1019.htmlhttps://access.redhat.com/errata/RHSA-2016:1224http://rhn.redhat.com/errata/RHSA-2016-1002.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1001.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0725.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0999.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1000.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0724.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0997.htmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlhttp://www.securityfocus.com/bid/90316http://support.citrix.com/article/CTX212736http://rhn.redhat.com/errata/RHSA-2016-1943.htmlhttps://access.redhat.com/errata/RHSA-2016:1943https://usn.ubuntu.com/2974-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook