CVE-2016-3710 in Xeninfo

Summary

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS users to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

ID	Vulnerability	CWE	Exp	Cou	CVE
87131	XenSource Xen Qemu VGA access control	284	Unproven	Official fix	CVE-2016-3710

Reservation

03/30/2016

Disclosure

05/11/2016

Status

Confirmed

Entries

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-3710
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-3710
CVE Details	https://www.cvedetails.com/cve/CVE-2016-3710/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!