CVE-2016-3710: Buffer Overflow
First published: Thu Apr 28 2016(Updated: )
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian | =8.0 | |
| HP Helion OpenStack | =2.0.0 | |
| HP Helion OpenStack | =2.1.0 | |
| HP Helion OpenStack | =2.1.2 | |
| HP Helion OpenStack | =2.1.4 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.10 | |
| Ubuntu | =16.04 | |
| QEMU | <=2.5.1 | |
| QEMU | =2.6.0-rc0 | |
| QEMU | =2.6.0-rc1 | |
| QEMU | =2.6.0-rc2 | |
| QEMU | =2.6.0-rc3 | |
| QEMU | =2.6.0-rc4 | |
| Oracle VM Server | =3.2 | |
| Oracle VM Server | =3.3 | |
| Oracle VM Server | =3.4 | |
| Oracle Linux | =5 | |
| Oracle Linux | =6 | |
| Oracle Linux | =7 | |
| XenServer | <=7.0 | |
| Red Hat OpenStack for IBM Power | =5.0 | |
| Red Hat OpenStack for IBM Power | =6.0 | |
| Red Hat OpenStack for IBM Power | =7.0 | |
| Red Hat OpenStack for IBM Power | =8 | |
| Red Hat Enterprise Virtualization | =3.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.5 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.7 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.7 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2016-0724.html
- http://rhn.redhat.com/errata/RHSA-2016-0725.html
- http://rhn.redhat.com/errata/RHSA-2016-0997.html
- http://rhn.redhat.com/errata/RHSA-2016-0999.html
- http://rhn.redhat.com/errata/RHSA-2016-1000.html
- http://rhn.redhat.com/errata/RHSA-2016-1001.html
- http://rhn.redhat.com/errata/RHSA-2016-1002.html
- http://rhn.redhat.com/errata/RHSA-2016-1019.html
- http://rhn.redhat.com/errata/RHSA-2016-1943.html
- http://support.citrix.com/article/CTX212736
- http://www.debian.org/security/2016/dsa-3573
- http://www.openwall.com/lists/oss-security/2016/05/09/3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/90316
- http://www.securitytracker.com/id/1035794
- http://www.ubuntu.com/usn/USN-2974-1
- http://xenbits.xen.org/xsa/advisory-179.html
- https://access.redhat.com/errata/RHSA-2016:1224
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
- https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1334178
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1334346
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1334345
- https://rhn.redhat.com/errata/RHSA-2016-0725.html
- https://rhn.redhat.com/errata/RHSA-2016-0724.html
- https://rhn.redhat.com/errata/RHSA-2016-0997.html
- https://rhn.redhat.com/errata/RHSA-2016-0999.html
- https://rhn.redhat.com/errata/RHSA-2016-1002.html
- https://rhn.redhat.com/errata/RHSA-2016-1001.html
- https://rhn.redhat.com/errata/RHSA-2016-1000.html
- https://rhn.redhat.com/errata/RHSA-2016-1019.html
- https://rhn.redhat.com/errata/RHSA-2016-1943.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1331401
Frequently Asked Questions
What is the severity of CVE-2016-3710?
CVE-2016-3710 has been classified with a moderate severity rating due to its potential to allow arbitrary code execution on the host system.
How do I fix CVE-2016-3710?
To remediate CVE-2016-3710, update QEMU to the latest version that addresses this vulnerability.
What software is affected by CVE-2016-3710?
CVE-2016-3710 affects several software platforms including QEMU versions up to 2.6.0-rc4 and various distributions like Debian 8.0, Ubuntu 12.04, and HP Helion OpenStack.
Can CVE-2016-3710 be exploited remotely?
No, CVE-2016-3710 requires local access to the vulnerable guest operating system to exploit the vulnerability.
What impact does CVE-2016-3710 have on system security?
CVE-2016-3710 allows local guest OS administrators to execute arbitrary code on the host, which compromises isolation between the host and guest environments.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-3710
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/hp
- canonical/hp helion openstack
- version/hp helion openstack/2.0.0
- version/hp helion openstack/2.1.0
- version/hp helion openstack/2.1.2
- version/hp helion openstack/2.1.4
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.10
- version/ubuntu/16.04
- vendor/qemu
- canonical/qemu
- version/qemu/2.5.1
- version/qemu/2.6.0-rc0
- version/qemu/2.6.0-rc1
- version/qemu/2.6.0-rc2
- version/qemu/2.6.0-rc3
- version/qemu/2.6.0-rc4
- vendor/oracle
- canonical/oracle vm server
- version/oracle vm server/3.2
- version/oracle vm server/3.3
- version/oracle vm server/3.4
- canonical/oracle linux
- version/oracle linux/5
- version/oracle linux/6
- version/oracle linux/7
- vendor/citrix
- canonical/xenserver
- version/xenserver/7.0
- vendor/redhat
- canonical/red hat openstack for ibm power
- version/red hat openstack for ibm power/5.0
- version/red hat openstack for ibm power/6.0
- version/red hat openstack for ibm power/7.0
- version/red hat openstack for ibm power/8
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/3.0
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.2
- version/red hat enterprise linux server/7.3
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.6
- version/red hat enterprise linux server/7.5
- version/red hat enterprise linux server/7.7
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- version/red hat enterprise linux workstation/7.0