{
  "threat_severity" : "Important",
  "public_date" : "2016-05-09T00:00:00Z",
  "bugzilla" : {
    "description" : "qemu: incorrect banked access bounds checking in vga module",
    "id" : "1331401",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1331401"
  },
  "cvss" : {
    "cvss_base_score" : "6.5",
    "cvss_scoring_vector" : "AV:A/AC:H/Au:S/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.6",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "details" : [ "The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the \"Dark Portal\" issue.", "An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations using I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process." ],
  "acknowledgement" : "Red Hat would like to thank Qinghao Tang (360.cn Marvel Team) and Wei Xiao (360.cn Marvel Team) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2016-09-27T00:00:00Z",
    "advisory" : "RHSA-2016:1943",
    "cpe" : "cpe:/a:redhat:rhel_virtualization:5",
    "package" : "kvm-0:83-276.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-05-10T00:00:00Z",
    "advisory" : "RHSA-2016:0997",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "qemu-kvm-2:0.12.1.2-2.491.el6_8.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-05-09T00:00:00Z",
    "advisory" : "RHSA-2016:0724",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "qemu-kvm-10:1.5.3-105.el7_2.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
    "release_date" : "2016-05-11T00:00:00Z",
    "advisory" : "RHSA-2016:1019",
    "cpe" : "cpe:/a:redhat:openstack:5::el6",
    "package" : "qemu-kvm-rhev-2:0.12.1.2-2.491.el6_8.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
    "release_date" : "2016-05-10T00:00:00Z",
    "advisory" : "RHSA-2016:0999",
    "cpe" : "cpe:/a:redhat:openstack:5::el7",
    "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.13"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
    "release_date" : "2016-05-10T00:00:00Z",
    "advisory" : "RHSA-2016:1000",
    "cpe" : "cpe:/a:redhat:openstack:6::el7",
    "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.13"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7",
    "release_date" : "2016-05-10T00:00:00Z",
    "advisory" : "RHSA-2016:1001",
    "cpe" : "cpe:/a:redhat:openstack:7::el7",
    "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 8.0 (Liberty)",
    "release_date" : "2016-05-10T00:00:00Z",
    "advisory" : "RHSA-2016:1002",
    "cpe" : "cpe:/a:redhat:openstack:8::el7",
    "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.13"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6",
    "release_date" : "2016-06-13T00:00:00Z",
    "advisory" : "RHSA-2016:1224",
    "cpe" : "cpe:/a:redhat:enterprise_linux:6::hypervisor",
    "package" : "qemu-kvm-rhev-2:0.12.1.2-2.479.el6_7.5"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-7",
    "release_date" : "2016-05-09T00:00:00Z",
    "advisory" : "RHSA-2016:0725",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "qemu-kvm-rhev-10:2.3.0-31.el7_2.13"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Affected",
    "package_name" : "kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenStack Platform 9 (Mitaka)",
    "fix_state" : "Affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-3710\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3710" ],
  "name" : "CVE-2016-3710",
  "csaw" : false
}