製品・ソフトウェアに関する情報

JVN脆弱性詳細

QEMU の VGA モジュールにおけるホスト上で任意のコードを実行される脆弱性

Title	QEMU の VGA モジュールにおけるホスト上で任意のコードを実行される脆弱性
Summary	QEMU の VGA モジュールは、ビデオメモリへのバンクアクセスの境界チェックを適切に実行しないため、ホスト上で任意のコードを実行される脆弱性が存在します。本脆弱性は、"Dark Portal" の問題と呼ばれています。補足情報 : CWE による脆弱性タイプは、CWE-284: Improper Access Control (不適切なアクセス制御) と識別されています。 http://cwe.mitre.org/data/definitions/284.html
Possible impacts	ローカルのゲスト OS ユーザにより、バンクレジスタ (bank register) を設定した後、アクセスモードを変更されることで、ホスト上で任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 9, 2016, midnight
Registration Date	May 19, 2016, 11:42 a.m.
Last Update	Nov. 17, 2016, 3:34 p.m.

CVSS3.0 : 重要
Score	8.8
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS2.0 : 危険
Score	7.2
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C

Affected System

Debian

Debian GNU/Linux 8.0

Canonical

Ubuntu 12.04 LTS

Ubuntu 14.04 LTS

Ubuntu 15.10

Ubuntu 16.04 LTS

Fabrice Bellard

QEMU

ヒューレット・パッカード・エンタープライズ

HPE Helion OpenStack 2.0

HPE Helion OpenStack 2.1

HPE Helion OpenStack 2.1.2

HPE Helion OpenStack 2.1.4

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-3710	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3710
National Vulnerability Database (NVD)
2	CVE-2016-3710	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3710

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Debian Security Advisory
1	DSA-3573	https://www.debian.org/security/2016/dsa-3573
HPE Security Bulletin
2	HPSBGN03620	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05164862
Oracle Technology Network
3	Oracle Linux Bulletin - April 2016	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
4	Oracle Linux Bulletin - October 2016	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
5	Oracle VM Server for x86 Bulletin - July 2016	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Qemu-devel
6	[PULL 1/5] vga: fix banked access bounds checking (CVE-2016-3710)	https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html
Red Hat Security Advisory
7	RHSA-2016:0724	http://rhn.redhat.com/errata/RHSA-2016-0724.html
8	RHSA-2016:0725	http://rhn.redhat.com/errata/RHSA-2016-0725.html
9	RHSA-2016:0997	http://rhn.redhat.com/errata/RHSA-2016-0997.html
10	RHSA-2016:0999	http://rhn.redhat.com/errata/RHSA-2016-0999.html
11	RHSA-2016:1000	http://rhn.redhat.com/errata/RHSA-2016-1000.html
12	RHSA-2016:1001	http://rhn.redhat.com/errata/RHSA-2016-1001.html
13	RHSA-2016:1002	http://rhn.redhat.com/errata/RHSA-2016-1002.html
14	RHSA-2016:1019	http://rhn.redhat.com/errata/RHSA-2016-1019.html
15	RHSA-2016:1224	https://access.redhat.com/errata/RHSA-2016:1224
Ubuntu Security Notice
16	USN-2974-1	http://www.ubuntu.com/usn/USN-2974-1
Xen Security Advisory
17	XSA-179	http://xenbits.xen.org/xsa/advisory-179.html

Change Log

No	Changed Details	Date of change
0	[2016年05月19日] 掲載 [2016年06月24日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：ヒューレット・パッカード・エンタープライズ (HPSBGN03620) を追加ベンダ情報：Canonical (USN-2974-1) を追加 [2016年08月31日] ベンダ情報：レッドハット (RHSA-2016:0724) を追加ベンダ情報：レッドハット (RHSA-2016:0725) を追加ベンダ情報：レッドハット (RHSA-2016:0997) を追加ベンダ情報：レッドハット (RHSA-2016:0999) を追加ベンダ情報：レッドハット (RHSA-2016:1000) を追加ベンダ情報：レッドハット (RHSA-2016:1001) を追加ベンダ情報：レッドハット (RHSA-2016:1002) を追加ベンダ情報：レッドハット (RHSA-2016:1019) を追加ベンダ情報：レッドハット (RHSA-2016:1224) を追加 [2016年11月17日] ベンダ情報：オラクル (Oracle Linux Bulletin - April 2016) を追加ベンダ情報：オラクル (Oracle Linux Bulletin - October 2016) を追加ベンダ情報：オラクル (Oracle VM Server for x86 Bulletin - July 2016) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-3710

Summary	The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
Publication Date	May 12, 2016, 6:59 a.m.
Registration Date	Jan. 26, 2021, 2:11 p.m.
Last Update	Nov. 21, 2024, 11:50 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:hp:helion_openstack:2.1.2:::::::*
cpe:2.3:a:hp:helion_openstack:2.1.4:::::::*
cpe:2.3:a:hp:helion_openstack:2.1.0:::::::*
cpe:2.3:a:hp:helion_openstack:2.0.0:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:qemu:qemu::::::::		2.5.1
cpe:2.3:a:qemu:qemu:2.6.0:rc1::::::
cpe:2.3:a:qemu:qemu:2.6.0:rc2::::::
cpe:2.3:a:qemu:qemu:2.6.0:rc3::::::
cpe:2.3:a:qemu:qemu:2.6.0:rc4::::::
cpe:2.3:a:qemu:qemu:2.6.0:rc0::::::

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:oracle:linux:5:-::::::
cpe:2.3:a:oracle:vm_server:3.2::::::x86:
cpe:2.3:a:oracle:vm_server:3.4::::::x86:
cpe:2.3:a:oracle:vm_server:3.3::::::x86:
cpe:2.3:o:oracle:linux:6:-::::::
cpe:2.3:o:oracle:linux:7:-::::::

Configuration6		or higher	or less	more than	less than
cpe:2.3:a:citrix:xenserver::::::::			7.0

Configuration7	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
cpe:2.3:a:redhat:openstack:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:a:redhat:openstack:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
cpe:2.3:a:redhat:openstack:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
cpe:2.3:a:redhat:virtualization:3.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
cpe:2.3:a:redhat:openstack:8:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*

Related information, measures and tools

No	URL	タグ
1	http://rhn.redhat.com/errata/RHSA-2016-0724.html	Third Party Advisory
2	http://rhn.redhat.com/errata/RHSA-2016-0724.html	Third Party Advisory
3	http://rhn.redhat.com/errata/RHSA-2016-0725.html	Third Party Advisory
4	http://rhn.redhat.com/errata/RHSA-2016-0725.html	Third Party Advisory
5	http://rhn.redhat.com/errata/RHSA-2016-0997.html	Third Party Advisory
6	http://rhn.redhat.com/errata/RHSA-2016-0997.html	Third Party Advisory
7	http://rhn.redhat.com/errata/RHSA-2016-0999.html	Third Party Advisory
8	http://rhn.redhat.com/errata/RHSA-2016-0999.html	Third Party Advisory
9	http://rhn.redhat.com/errata/RHSA-2016-1000.html	Third Party Advisory
10	http://rhn.redhat.com/errata/RHSA-2016-1000.html	Third Party Advisory
11	http://rhn.redhat.com/errata/RHSA-2016-1001.html	Third Party Advisory
12	http://rhn.redhat.com/errata/RHSA-2016-1001.html	Third Party Advisory
13	http://rhn.redhat.com/errata/RHSA-2016-1002.html	Third Party Advisory
14	http://rhn.redhat.com/errata/RHSA-2016-1002.html	Third Party Advisory
15	http://rhn.redhat.com/errata/RHSA-2016-1019.html	Third Party Advisory
16	http://rhn.redhat.com/errata/RHSA-2016-1019.html	Third Party Advisory
17	http://rhn.redhat.com/errata/RHSA-2016-1943.html	Third Party Advisory
18	http://rhn.redhat.com/errata/RHSA-2016-1943.html	Third Party Advisory
19	http://support.citrix.com/article/CTX212736	Third Party Advisory
20	http://support.citrix.com/article/CTX212736	Third Party Advisory
21	http://www.debian.org/security/2016/dsa-3573	Third Party Advisory
22	http://www.debian.org/security/2016/dsa-3573	Third Party Advisory
23	http://www.openwall.com/lists/oss-security/2016/05/09/3	Mailing List Third Party Advisory
24	http://www.openwall.com/lists/oss-security/2016/05/09/3	Mailing List Third Party Advisory
25	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Third Party Advisory
26	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Third Party Advisory
27	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	Third Party Advisory
28	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	Third Party Advisory
29	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Third Party Advisory
30	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Third Party Advisory
31	http://www.securityfocus.com/bid/90316	Third Party Advisory VDB Entry
32	http://www.securityfocus.com/bid/90316	Third Party Advisory VDB Entry
33	http://www.securitytracker.com/id/1035794	Third Party Advisory VDB Entry
34	http://www.securitytracker.com/id/1035794	Third Party Advisory VDB Entry
35	http://www.ubuntu.com/usn/USN-2974-1	Third Party Advisory
36	http://www.ubuntu.com/usn/USN-2974-1	Third Party Advisory
37	http://xenbits.xen.org/xsa/advisory-179.html	Third Party Advisory
38	http://xenbits.xen.org/xsa/advisory-179.html	Third Party Advisory
39	https://access.redhat.com/errata/RHSA-2016:1224	Third Party Advisory
40	https://access.redhat.com/errata/RHSA-2016:1224	Third Party Advisory
41	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862	Third Party Advisory Vendor Advisory
42	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862	Third Party Advisory Vendor Advisory
43	https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html	Mailing List Patch Third Party Advisory
44	https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html	Mailing List Patch Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:oracle:linux:5:-::::::
cpe:2.3:a:oracle:vm_server:3.2::::::x86:
cpe:2.3:a:oracle:vm_server:3.4::::::x86:
cpe:2.3:a:oracle:vm_server:3.3::::::x86:
cpe:2.3:o:oracle:linux:6:-::::::
cpe:2.3:o:oracle:linux:7:-::::::

Configuration7	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
cpe:2.3:a:redhat:openstack:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:a:redhat:openstack:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
cpe:2.3:a:redhat:openstack:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
cpe:2.3:a:redhat:virtualization:3.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
cpe:2.3:a:redhat:openstack:8:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*