CVE-2016-3710
Published May 11, 2016
Last updated 3 years ago
Overview
- Description
- The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 6
- Exploitability score
- 2
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46D566AF-D1DE-4EAD-B881-DC40D1DE780C"
},
{
"criteria": "cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81BED703-422A-4937-8BF0-F83C248188F9"
},
{
"criteria": "cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A241BABC-E6A8-43B1-BED6-77FC38E337BD"
},
{
"criteria": "cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBE8AEFE-C74B-4E24-8EBA-35207DE756E3"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26A04769-0D4E-4B7B-B54C-C686FB69D85A",
"versionEndIncluding": "2.5.1"
},
{
"criteria": "cpe:2.3:a:qemu:qemu:2.6.0:rc0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "544B3E62-7AE7-4925-9E50-CAFDAD5A3851"
},
{
"criteria": "cpe:2.3:a:qemu:qemu:2.6.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8C11472-2B2A-4110-A04B-5CFBA0763432"
},
{
"criteria": "cpe:2.3:a:qemu:qemu:2.6.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECD3B63B-1388-4C24-B9B9-043C04FE1F1B"
},
{
"criteria": "cpe:2.3:a:qemu:qemu:2.6.0:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B10C154A-F559-4BE1-94AE-8619D4634564"
},
{
"criteria": "cpe:2.3:a:qemu:qemu:2.6.0:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7126355-4164-4E54-BCC3-D3D6D1E5AF81"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "FC9E8528-0FB8-4BF0-A9EF-6CC84A2631A1"
},
{
"criteria": "cpe:2.3:a:oracle:vm_server:3.3:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "8663D0AF-825D-48FC-8AED-498434A0AA76"
},
{
"criteria": "cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "457955E5-41E5-4E17-8435-AA0F6F757A21"
},
{
"criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B"
},
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876"
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenserver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE91B02A-0F07-437D-8AFC-38541C5A04AD",
"versionEndIncluding": "7.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3"
},
{
"criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA"
},
{
"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95"
},
{
"criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6"
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
],
"operator": "OR"
}
]
}
]