PublicDateAtUSN: 2016-05-09
Candidate: CVE-2016-3710
PublicDate: 2016-05-11 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3710
 http://xenbits.xen.org/xsa/advisory-179.html
 http://www.openwall.com/lists/oss-security/2016/05/09/3
 https://ubuntu.com/security/notices/USN-2974-1
Description:
 The VGA module in QEMU improperly performs bounds checking on banked access
 to video memory, which allows local guest OS administrators to execute
 arbitrary code on the host by changing access modes after setting the bank
 register, aka the "Dark Portal" issue.
Ubuntu-Description:
Notes:
 mdeslaur> A.K.A. "Dark Portal"
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823830
Priority: medium
Discovered-by: Wei Xiao and Qinghao Tang
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H [8.8 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H [8.8 HIGH]

Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise_qemu-kvm: released (1.0+noroms-0ubuntu14.28)
trusty_qemu-kvm: DNE
trusty/esm_qemu-kvm: DNE
vivid/ubuntu-core_qemu-kvm: DNE
vivid/stable-phone-overlay_qemu-kvm: DNE
wily_qemu-kvm: DNE
xenial_qemu-kvm: DNE
devel_qemu-kvm: DNE

Patches_qemu:
 upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=3bf1817079bb0d80c0d8a86a7c7dd0bfe90eb82e
upstream_qemu: needs-triage
precise_qemu: DNE
trusty_qemu: released (2.0.0+dfsg-2ubuntu1.24)
trusty/esm_qemu: released (2.0.0+dfsg-2ubuntu1.24)
vivid/ubuntu-core_qemu: DNE
vivid/stable-phone-overlay_qemu: DNE
wily_qemu: released (1:2.3+dfsg-5ubuntu9.4)
xenial_qemu: released (1:2.5+dfsg-5ubuntu10.1)
esm-infra/xenial_qemu: released (1:2.5+dfsg-5ubuntu10.1)
devel_qemu: not-affected (1:2.6+dfsg-3ubuntu1)

Patches_xen:
Tags_xen: universe-binary
upstream_xen: needs-triage
precise_xen: released (4.1.6.1-0ubuntu0.12.04.11)
trusty_xen: released (4.4.2-0ubuntu0.14.04.6)
trusty/esm_xen: DNE (trusty was released [4.4.2-0ubuntu0.14.04.6])
vivid/ubuntu-core_xen: DNE
vivid/stable-phone-overlay_xen: DNE
wily_xen: not-affected (code not compiled)
xenial_xen: not-affected (code not compiled)
esm-infra/xenial_xen: not-affected (code not compiled)
devel_xen: not-affected (code not compiled)