ALT-PU-2016-1491-1
Closed vulnerabilities
Published: 2016-05-12
Modified: 2024-11-21
CVE-2016-3710
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References:
- RHSA-2016:0724
- RHSA-2016:0725
- RHSA-2016:0997
- RHSA-2016:0999
- RHSA-2016:1000
- RHSA-2016:1001
- RHSA-2016:1002
- RHSA-2016:1019
- RHSA-2016:1943
- http://support.citrix.com/article/CTX212736
- DSA-3573
- [oss-security] 20160509 CVE-2016-3710 Qemu: vga: out-of-bounds r/w access issue
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 90316
- 1035794
- USN-2974-1
- http://xenbits.xen.org/xsa/advisory-179.html
- RHSA-2016:1224
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
- [Qemu-devel] 20160509 [PULL 1/5] vga: fix banked access bounds checking (CVE-2016-3710)
Published: 2016-05-12
Modified: 2024-11-21
CVE-2016-3712
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- RHSA-2016:2585
- RHSA-2017:0621
- http://support.citrix.com/article/CTX212736
- DSA-3573
- [oss-security] 20160509 CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 90314
- 1035794
- USN-2974-1
- http://xenbits.xen.org/xsa/advisory-179.html
- [Qemu-devel] 20160509 [PULL 5/5] vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).