DEBIAN-CVE-2016-3710

DEBIAN-CVE-2016-3710 PUBLISHED CVSS 8.800000190734863 HIGH

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:12	qemu	0, 0, 0
Debian:13	qemu	0, 0, 0
Debian:13	xen	0, 0, 0
Debian:14	qemu	0, 0, 0
Debian:12	xen	0, 0, 0
Debian:14	xen	0, 0, 0
Debian:11	qemu	0, 0, 0
Debian:11	xen	0, 0, 0

Timeline

May 11, 2016 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-3710 advisory

Open in Interactive Console →