CVE-2016-3710 (retired)

Priority
Description
The VGA module in QEMU improperly performs bounds checking on banked access
to video memory, which allows local guest OS administrators to execute
arbitrary code on the host by changing access modes after setting the bank
register, aka the "Dark Portal" issue.
Assigned-to
mdeslaur
Notes
mdeslaurA.K.A. "Dark Portal"
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.5+dfsg-5ubuntu10.1)
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=3bf1817079bb0d80c0d8a86a7c7dd0bfe90eb82e
Package
Upstream:needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: xen (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not compiled)
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
More Information

Updated: 2019-10-09 07:56:03 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)