Vulnerability Change Records for CVE-2016-3710

Change History

CVE Modified by Source 10/03/2016 10:8:08 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Modified Analysis 6/22/2016 7:36:06 PM

Action Type Old Value New Value
Changed CPE Configuration
Configuration 1
     OR
          *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
Configuration 1
     OR
          *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*
          *cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*
          *cpe:2.3:a:hp:helion_openstack:2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:hp:helion_openstack:2.0:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Configuration 4
     OR
          *cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*

CVE Modified by Source 6/20/2016 9:59:35 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.ubuntu.com/usn/USN-2974-1

CVE Modified by Red Hat, Inc. 1/04/2018 9:30:43 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2016-1943.html [No Types Assigned]

CVE Translated 7/14/2016 6:45:01 PM

Action Type Old Value New Value
Added Translation

								
							
							
						
El módulo VGA en QEMU lleva a cabo incorrectamente comprobaciones de límites sobre acceso almacenado a la memoria de vídeo, lo que permite a administradores locales de SO invitado ejecutar código arbitrario sobre el anfitrión cambiando los modos de acceso después de establecer el banco de registros, también conocido como el problema "Dark Portal".
Removed Translation
El módulo VGA en QEMU lleva a cabo incorrectamente comprobaciones de límites sobre acceso almacenado a la memoria de vídeo, lo que permite a usuarios de SO invitado locales ejecutar código arbitrario sobre el anfitrión cambiando los modos de acceso después de establecer el banco de registros, también conocido como el problema "Dark Portal".

								
						

CVE Modified by Source 7/13/2016 10:0:53 PM

Action Type Old Value New Value
Changed Description
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS users to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2016-0724.html
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2016-0725.html
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2016-0997.html
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2016-0999.html
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2016-1000.html
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2016-1001.html
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2016-1002.html
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2016-1019.html
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2016:1224

Initial CVE Analysis 5/12/2016 1:44:22 PM

Action Type Old Value New Value

CVE Modified by Source 10/26/2016 10:0:00 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

CVE Modified by Red Hat, Inc. 11/30/2016 10:10:05 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://support.citrix.com/article/CTX212736 [No Types Assigned]

Modified Analysis 5/16/2016 10:1:47 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
Configuration 1
     OR
          *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Added CVSS V3

								
							
							
						
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Added CWE

								
							
							
						
CWE-284
Changed Reference Type
http://xenbits.xen.org/xsa/advisory-179.html No Types Assigned
http://xenbits.xen.org/xsa/advisory-179.html Advisory
Changed Reference Type
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html No Types Assigned
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html Advisory

CVE Modified by Red Hat, Inc. 11/28/2016 3:12:14 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/90316 [No Types Assigned]

CVE Modified by Source 6/10/2016 10:1:42 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862

CVE Modified by Source 9/08/2016 10:1:04 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Modified Analysis 4/09/2020 9:56:52 AM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:a:hp:helion_openstack:2.0:*:*:*:*:*:*:*
     *cpe:2.3:a:hp:helion_openstack:2.1:*:*:*:*:*:*:*
     *cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*
     *cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*
OR
     *cpe:2.3:a:hp:helion_openstack:2.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:hp:helion_openstack:2.1.0:*:*:*:*:*:*:*
     *cpe:2.3:a:hp:helion_openstack:2.1.2:*:*:*:*:*:*:*
     *cpe:2.3:a:hp:helion_openstack:2.1.4:*:*:*:*:*:*:*
Removed CVSS V3
NIST AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

								
						
Added CVSS V3.1

								
							
							
						
NIST AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-0724.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-0724.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-0725.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-0725.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-0997.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-0997.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-0999.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-0999.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-1000.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-1000.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-1001.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-1001.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-1002.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-1002.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-1019.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-1019.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-1943.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-1943.html Third Party Advisory
Changed Reference Type
http://support.citrix.com/article/CTX212736 No Types Assigned
http://support.citrix.com/article/CTX212736 Third Party Advisory
Changed Reference Type
http://www.debian.org/security/2016/dsa-3573 No Types Assigned
http://www.debian.org/security/2016/dsa-3573 Third Party Advisory
Changed Reference Type
http://www.openwall.com/lists/oss-security/2016/05/09/3 No Types Assigned
http://www.openwall.com/lists/oss-security/2016/05/09/3 Mailing List, Third Party Advisory
Changed Reference Type
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html No Types Assigned
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html Third Party Advisory
Changed Reference Type
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html No Types Assigned
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html Third Party Advisory
Changed Reference Type
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html No Types Assigned
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html Third Party Advisory
Changed Reference Type
http://www.securityfocus.com/bid/90316 No Types Assigned
http://www.securityfocus.com/bid/90316 Third Party Advisory, VDB Entry
Changed Reference Type
http://www.securitytracker.com/id/1035794 No Types Assigned
http://www.securitytracker.com/id/1035794 Third Party Advisory, VDB Entry
Changed Reference Type
http://www.ubuntu.com/usn/USN-2974-1 No Types Assigned
http://www.ubuntu.com/usn/USN-2974-1 Third Party Advisory
Changed Reference Type
http://xenbits.xen.org/xsa/advisory-179.html Vendor Advisory
http://xenbits.xen.org/xsa/advisory-179.html Third Party Advisory
Changed Reference Type
https://access.redhat.com/errata/RHSA-2016:1224 No Types Assigned
https://access.redhat.com/errata/RHSA-2016:1224 Third Party Advisory
Changed Reference Type
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862 No Types Assigned
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862 Vendor Advisory
Changed Reference Type
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html Vendor Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html Mailing List, Third Party Advisory