CVE-2016-3710 (retired)

Priority
Description
The VGA module in QEMU improperly performs bounds checking on banked access
to video memory, which allows local guest OS administrators to execute
arbitrary code on the host by changing access modes after setting the bank
register, aka the "Dark Portal" issue.
Notes
 mdeslaur> A.K.A. "Dark Portal"
Assigned-to
mdeslaur
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (2.0.0+dfsg-2ubuntu1.24)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.5+dfsg-5ubuntu10.1)
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=3bf1817079bb0d80c0d8a86a7c7dd0bfe90eb82e
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: xen (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (4.4.2-0ubuntu0.14.04.6)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not compiled)
More Information

Updated: 2019-03-26 12:19:56 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)