CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

• CWE-119

• http://rhn.redhat.com/errata/RHSA-2016-0724.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-0725.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-0997.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-0999.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-1000.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-1001.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-1002.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-1019.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-1943.htmlThird Party Advisory
• http://support.citrix.com/article/CTX212736Third Party Advisory
• http://www.debian.org/security/2016/dsa-3573Third Party Advisory
• http://www.openwall.com/lists/oss-security/2016/05/09/3Mailing List, Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlThird Party Advisory
• http://www.securityfocus.com/bid/90316Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id/1035794Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/USN-2974-1Third Party Advisory
• http://xenbits.xen.org/xsa/advisory-179.htmlThird Party Advisory
• https://access.redhat.com/errata/RHSA-2016:1224Third Party Advisory
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862Third Party Advisory, Vendor Advisory
• https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.htmlMailing List, Patch, Third Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-0724.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-0725.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-0997.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-0999.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-1000.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-1001.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-1002.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-1019.htmlThird Party Advisory
• http://rhn.redhat.com/errata/RHSA-2016-1943.htmlThird Party Advisory
• http://support.citrix.com/article/CTX212736Third Party Advisory
• http://www.debian.org/security/2016/dsa-3573Third Party Advisory
• http://www.openwall.com/lists/oss-security/2016/05/09/3Mailing List, Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlThird Party Advisory
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlThird Party Advisory
• http://www.securityfocus.com/bid/90316Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id/1035794Third Party Advisory, VDB Entry
• http://www.ubuntu.com/usn/USN-2974-1Third Party Advisory
• http://xenbits.xen.org/xsa/advisory-179.htmlThird Party Advisory
• https://access.redhat.com/errata/RHSA-2016:1224Third Party Advisory
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862Third Party Advisory, Vendor Advisory
• https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.htmlMailing List, Patch, Third Party Advisory

Published

May 11, 2016

Last Modified

Jun 17, 2026

Status

Modified