Back to bug 1331401
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Martin Prpič | 2016-04-28 13:10:21 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-04-28 13:10:21 UTC | Doc Type | --- | Bug Fix |
| Martin Prpič | 2016-04-28 13:11:42 UTC | CC | kraxel | |
| Martin Prpič | 2016-04-28 13:14:50 UTC | Blocks | 1331403 | |
| Martin Prpič | 2016-04-28 13:20:37 UTC | Depends On | 1331406 | |
| Martin Prpič | 2016-04-28 13:20:45 UTC | Depends On | 1331407 | |
| Martin Prpič | 2016-04-28 13:20:54 UTC | Depends On | 1331408 | |
| Martin Prpič | 2016-04-28 13:21:03 UTC | Depends On | 1331409 | |
| Martin Prpič | 2016-04-28 13:21:11 UTC | Depends On | 1331410 | |
| Martin Prpič | 2016-04-28 13:21:19 UTC | Depends On | 1331411 | |
| Martin Prpič | 2016-04-28 13:21:28 UTC | Depends On | 1331412 | |
| Martin Prpič | 2016-04-28 13:21:35 UTC | Depends On | 1331413 | |
| Martin Prpič | 2016-04-28 13:21:46 UTC | Depends On | 1331414 | |
| Martin Prpič | 2016-04-28 13:21:54 UTC | Depends On | 1331415 | |
| Jeff Nelson | 2016-04-28 22:18:51 UTC | CC | mprpic | |
| | | Flags | needinfo?(mprpic) | |
| Garth Mollett | 2016-04-28 23:56:03 UTC | Whiteboard | impact=important,public=no,reported=20160422,source=researcher,cvss2=7.4/AV:A/AC:M/Au:S/C:C/I:C/A:C,rhel-5/kvm=wontfix,rhel-6/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,rhev-m-3/qemu-kvm-rhev=affected,fedora-all/qemu=affected | impact=important,public=no,reported=20160422,source=researcher,cvss2=7.4/AV:A/AC:M/Au:S/C:C/I:C/A:C,rhel-5/kvm=wontfix,rhel-6/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,openstack-9/qemu-kvm-rhev=affected,rhev-m-3/qemu-kvm-rhev=affected,fedora-all/qemu=affected |
| Garth Mollett | 2016-04-29 00:25:04 UTC | Depends On | 1331606 | |
| Garth Mollett | 2016-04-29 00:25:15 UTC | Depends On | 1331607 | |
| Garth Mollett | 2016-04-29 00:25:32 UTC | Depends On | 1331608 | |
| Garth Mollett | 2016-04-29 00:25:44 UTC | Depends On | 1331609 | |
| Garth Mollett | 2016-04-29 00:26:01 UTC | Depends On | 1331610 | |
| Garth Mollett | 2016-04-29 00:26:13 UTC | Depends On | 1331611 | |
| Prasad Pandit | 2016-04-29 07:27:49 UTC | CC | prasad | |
| Prasad Pandit | 2016-04-29 09:56:45 UTC | Flags | needinfo?(mprpic) | |
| Jeff Nelson | 2016-04-30 07:09:02 UTC | Flags | needinfo?(security-response-team) | |
| Fabio Olive Leite | 2016-05-02 18:19:34 UTC | Flags | needinfo?(security-response-team) | needinfo?(mprpic) |
| Prasad Pandit | 2016-05-03 05:13:18 UTC | Flags | needinfo?(mprpic) | |
| Jon Schlueter | 2016-05-04 14:34:37 UTC | CC | jjoyce | |
| Prasad Pandit | 2016-05-09 05:51:37 UTC | Doc Text | Qemu emulator built with VGA emulation with VESA BIOS Extensions(VBE) support is vulnerable to an OOB r/w access issue. It could occur while doing VGA r/w operations via i/o port methods. A privileged guest user could use this flaw to potentially execute arbitrary code on the host, with privileged of the Qemu process. | |
| | | Whiteboard | impact=important,public=no,reported=20160422,source=researcher,cvss2=7.4/AV:A/AC:M/Au:S/C:C/I:C/A:C,rhel-5/kvm=wontfix,rhel-6/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,openstack-9/qemu-kvm-rhev=affected,rhev-m-3/qemu-kvm-rhev=affected,fedora-all/qemu=affected | impact=important,public=no,reported=20160422,source=researcher,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,rhel-5/kvm=affected,rhel-6/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,openstack-9/qemu-kvm-rhev=affected,rhev-m-3/qemu-kvm-rhev=affected,fedora-all/qemu=affected |
| Prasad Pandit | 2016-05-09 05:55:17 UTC | Depends On | 1334173 | |
| Adam Mariš | 2016-05-09 06:23:12 UTC | CC | amaris | |
| Martin Prpič | 2016-05-09 08:13:58 UTC | Doc Text | Qemu emulator built with VGA emulation with VESA BIOS Extensions(VBE) support is vulnerable to an OOB r/w access issue. It could occur while doing VGA r/w operations via i/o port methods. A privileged guest user could use this flaw to potentially execute arbitrary code on the host, with privileged of the Qemu process. | An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. |
| Adam Mariš | 2016-05-09 12:15:46 UTC | Whiteboard | impact=important,public=no,reported=20160422,source=researcher,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,rhel-5/kvm=affected,rhel-6/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,openstack-9/qemu-kvm-rhev=affected,rhev-m-3/qemu-kvm-rhev=affected,fedora-all/qemu=affected | impact=important,public=20160509,reported=20160422,source=researcher,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,rhel-5/kvm=affected,rhel-6/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,openstack-9/qemu-kvm-rhev=affected,rhev-m-3/qemu-kvm-rhev=affected,fedora-all/qemu=affected |
| Adam Mariš | 2016-05-09 12:17:40 UTC | Summary | EMBARGOED CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module | CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module |
| Adam Mariš | 2016-05-09 12:17:49 UTC | Group | security, qe_staff | |
| Prasad Pandit | 2016-05-09 12:21:40 UTC | Whiteboard | impact=important,public=20160509,reported=20160422,source=researcher,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,rhel-5/kvm=affected,rhel-6/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,openstack-9/qemu-kvm-rhev=affected,rhev-m-3/qemu-kvm-rhev=affected,fedora-all/qemu=affected | impact=important,public=20160509,reported=20160422,source=researcher,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,rhel-5/kvm=affected,rhel-6/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,openstack-9/qemu-kvm-rhev=affected,rhev-m-3/qemu-kvm-rhev=affected,fedora-all/qemu=affected,fedora-all/xen=affected |
| Prasad Pandit | 2016-05-09 12:22:51 UTC | Depends On | 1334345 | |
| Prasad Pandit | 2016-05-09 12:23:10 UTC | Depends On | 1334346 | |
| Summer Long | 2016-05-10 03:18:55 UTC | CC | slong | |
| | | Doc Text | An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. | An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations using I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. |
| Eyal Edri | 2016-05-22 08:13:05 UTC | CC | eedri | |
| Prasad Pandit | 2016-09-21 08:10:27 UTC | Whiteboard | impact=important,public=20160509,reported=20160422,source=researcher,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,rhel-5/kvm=affected,rhel-6/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,openstack-9/qemu-kvm-rhev=affected,rhev-m-3/qemu-kvm-rhev=affected,fedora-all/qemu=affected,fedora-all/xen=affected | impact=important,public=20160509,reported=20160422,source=researcher,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,cvss3=7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H,rhel-5/kvm=affected,rhel-6/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,openstack-9/qemu-kvm-rhev=affected,rhev-m-3/qemu-kvm-rhev=affected,fedora-all/qemu=affected,fedora-all/xen=affected |
| Adam Mariš | 2016-11-08 16:13:04 UTC | CC | amaris | |
| Yasuhiro Ozone | 2017-03-27 05:08:59 UTC | CC | yozone | |
| Scott Herold | 2017-09-12 15:30:34 UTC | CC | sherold | |
| Adam Young | 2017-10-18 18:53:09 UTC | CC | ayoung | |
| PnT Account Manager | 2018-01-30 23:58:10 UTC | CC | aortega | |
| PnT Account Manager | 2018-07-18 14:52:55 UTC | CC | rbalakri | |
| PnT Account Manager | 2018-11-05 22:44:15 UTC | CC | ylavi | |
| Gil Klein | 2019-04-14 12:40:40 UTC | CC | gklein | |
| Product Security DevOps Team | 2019-06-08 02:51:03 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2019-06-08 02:51:03 UTC | |
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=important,public=20160509,reported=20160422,source=researcher,cvss2=6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C,cvss3=7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H,rhel-5/kvm=affected,rhel-6/qemu-kvm=affected,rhel-6/qemu-kvm-rhev=affected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,openstack-9/qemu-kvm-rhev=affected,rhev-m-3/qemu-kvm-rhev=affected,fedora-all/qemu=affected,fedora-all/xen=affected |