vulnerability

Ubuntu: USN-2974-1 (CVE-2016-3710): QEMU vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	May 11, 2016	May 12, 2016	Mar 27, 2026

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

May 11, 2016

Added

May 12, 2016

Modified

Mar 27, 2026

Description

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Solutions

ubuntu-upgrade-qemu-kvmubuntu-upgrade-qemu-systemubuntu-upgrade-qemu-system-aarch64ubuntu-upgrade-qemu-system-armubuntu-upgrade-qemu-system-mipsubuntu-upgrade-qemu-system-miscubuntu-upgrade-qemu-system-ppcubuntu-upgrade-qemu-system-s390xubuntu-upgrade-qemu-system-sparcubuntu-upgrade-qemu-system-x86

References

CVE-2016-3710
https://attackerkb.com/topics/CVE-2016-3710
CWE-119
DEBIAN-DLA-539-1
DEBIAN-DLA-540-1
DEBIAN-DLA-571-1
DEBIAN-DSA-3573
EUVD-EUVD-2016-4731
NVD-CVE-2016-3710
UBUNTU-USN-2974-1
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-4731

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today