High severity8.8NVD Advisory· Published May 11, 2016· Updated May 6, 2026

CVE-2016-3710

Description

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Affected products

Citrix Systems/Xenserver
cpe:2.3:a:citrix:xenserver:*:*:*:*:*:*:*:*
Range: <=7.0
HP/Helion Openstack4 versions
cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*
Oracle Corporation/Vm Server3 versions
cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*+ 2 more
- cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*
- cpe:2.3:a:oracle:vm_server:3.3:*:*:*:*:*:x86:*
- cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:x86:*
QEMU/Qemu6 versions
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*range: <=2.5.1
- cpe:2.3:a:qemu:qemu:2.6.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.6.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.6.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.6.0:rc4:*:*:*:*:*:*
Red Hat/Openstack4 versions
cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
Red Hat/Virtualization
cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Oracle Corporation/Linux3 versions
cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus4 versions
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Eus6 versions
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Tus4 versions
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.htmlnvdMailing ListPatchThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-0724.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-0725.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-0997.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-0999.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-1000.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-1001.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-1002.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-1019.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-1943.htmlnvdThird Party Advisory
support.citrix.com/article/CTX212736nvdThird Party Advisory
www.debian.org/security/2016/dsa-3573nvdThird Party Advisory
www.openwall.com/lists/oss-security/2016/05/09/3nvdMailing ListThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlnvdThird Party Advisory
www.securityfocus.com/bid/90316nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1035794nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2974-1nvdThird Party Advisory
xenbits.xen.org/xsa/advisory-179.htmlnvdThird Party Advisory
access.redhat.com/errata/RHSA-2016:1224nvdThird Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party AdvisoryVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000