Vulnerability Details : CVE-2016-3710
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
Vulnerability category: OverflowExecute code
Threat overview for CVE-2016-3710
Top countries where our scanners detected CVE-2016-3710
Top open port discovered on systems with this issue
443
IPs affected by CVE-2016-3710 8
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-3710!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-3710
Probability of exploitation activity in the next 30 days: 0.15%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 50 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-3710
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
|
8.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
2.0
|
6.0
|
NIST |
CWE ids for CVE-2016-3710
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3710
-
http://www.openwall.com/lists/oss-security/2016/05/09/3
oss-security - CVE-2016-3710 Qemu: vga: out-of-bounds r/w access issueMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0997.html
RHSA-2016:0997 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-1002.html
RHSA-2016:1002 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data AccessThird Party Advisory;Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0725.html
RHSA-2016:0725 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-1001.html
RHSA-2016:1001 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://support.citrix.com/article/CTX212736
Citrix XenServer Multiple Security UpdatesThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-1943.html
RHSA-2016:1943 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2974-1
USN-2974-1: QEMU vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://xenbits.xen.org/xsa/advisory-179.html
XSA-179 - Xen Security AdvisoriesThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0999.html
RHSA-2016:0999 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Oracle Linux Bulletin - October 2016Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2016:1224
RHSA-2016:1224 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-1019.html
RHSA-2016:1019 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Oracle Linux Bulletin - April 2016Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0724.html
RHSA-2016:0724 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securitytracker.com/id/1035794
Xen Qemu VGA Module Bugs Let Local Users on the Guest Deny Service on the Guest or Gain Elevated Privileges on the Host System - SecurityTrackerThird Party Advisory;VDB Entry
-
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html
[Qemu-devel] [PULL 1/5] vga: fix banked access bounds checking (CVE-2016Mailing List;Patch;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Oracle VM Server for x86 Bulletin - July 2016Third Party Advisory
-
http://www.debian.org/security/2016/dsa-3573
Debian -- Security Information -- DSA-3573-1 qemuThird Party Advisory
-
http://www.securityfocus.com/bid/90316
QEMU CVE-2016-3710 Remote Code Execution VulnerabilityThird Party Advisory;VDB Entry
-
http://rhn.redhat.com/errata/RHSA-2016-1000.html
RHSA-2016:1000 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Products affected by CVE-2016-3710
- cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
- cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*
- cpe:2.3:a:oracle:vm_server:3.3:*:*:*:*:*:x86:*
- cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:x86:*
- cpe:2.3:a:citrix:xenserver:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.6.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.6.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.6.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.6.0:rc4:*:*:*:*:*:*