VDB
CVE-2016-3710
CVE-2016-3710
PUBLISHED
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
EPSS 0.07% · 22.4th percentile
Risk Scores
EPSS Score
0.07%
22.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | xen | 4.4.0-0ubuntu5.1, 4.4.2-0ubuntu0.14.04.5, 4.4.2-0ubuntu0.14.04.4 |
| Ubuntu:14.04:LTS | qemu | 2.0.0~rc1+dfsg-0ubuntu2, 2.0.0~rc1+dfsg-0ubuntu3.1, 2.0.0+dfsg-2ubuntu1 |
| Ubuntu:16.04:LTS | qemu | 0, *, * |
Timeline
- May 9, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 8, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-3710 third-party-advisory
- http://xenbits.xen.org/xsa/advisory-179.html third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/05/09/3 third-party-advisory
- https://ubuntu.com/security/notices/USN-2974-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-3710 third-party-advisory