PT-2016-5670 · Qemu+5 · Qemu+5

Qinghao Tang

Published

2016-05-09

Updated

2021-08-04

CVE-2016-3710

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description The issue concerns improper bounds checking on banked access to video memory in the VGA module. This allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2016-1565

CESA-2016_0724

CESA-2016_0997

CVE-2016-3710

DLA-539-1

DLA-540-1

DLA-571-1

DSA-3573-1

MGASA-2016-0176

MGASA-2017-0012

OPENSUSE-SU-2016_1750-1

OPENSUSE-SU-2016_2494-1

OPENSUSE-SU-2016_2497-1

RHSA-2016:0724

RHSA-2016:0725

RHSA-2016:0997

RHSA-2016:0999

RHSA-2016:1000

RHSA-2016:1001

RHSA-2016:1002

RHSA-2016:1019

RHSA-2016:1224

RHSA-2016:1943

RHSA-2016_0724

RHSA-2016_0997

RHSA-2016_1943

SUSE-SU-2016:1560-1

SUSE-SU-2016:1698-1

SUSE-SU-2016:1703-1

SUSE-SU-2016:1785-1

SUSE-SU-2016:2093-1

SUSE-SU-2016:2100-1

SUSE-SU-2016:2528-1

SUSE-SU-2016:2533-1

SUSE-SU-2016:2725-1

USN-2974-1

Affected Products

Alt Linux

Centos

Qemu

Red Hat

Suse

Ubuntu

PT-2016-5670 · Qemu+5 · Qemu+5

CVE-2016-3710

Weakness Enumeration

Related Identifiers

Affected Products

References · 418