CVE-2020-35505
Summary
| CVE | CVE-2020-35505 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-28 11:15:00 UTC |
| Updated | 2022-09-22 21:03:00 UTC |
| Description | A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. |
Risk And Classification
Problem Types: CWE-476
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - QEMU: ESP security fixes | MISC | www.openwall.com | |
| 1909769 – (CVE-2020-35505) CVE-2020-35505 QEMU: NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c | MISC | bugzilla.redhat.com | |
| oss-security - QEMU: ESP security fixes | MLIST | www.openwall.com | |
| [SECURITY] [DLA 3099-1] qemu security update | MLIST | lists.debian.org | |
| May 2021 QEMU Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo security | GENTOO | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180995 Debian Security Update for qemu (DLA 3099-1)
- 198432 Ubuntu Security Notification for QEMU vulnerabilities (USN-5010-1)
- 502355 Alpine Linux Security Update for qemu
- 671198 EulerOS Security Update for qemu (EulerOS-SA-2022-1034)
- 671203 EulerOS Security Update for qemu (EulerOS-SA-2022-1014)
- 710604 Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 202208-27)
- 750995 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:2813-1)
- 751013 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2789-1)
- 751053 OpenSUSE Security Update for qemu (openSUSE-SU-2021:1202-1)
- 751068 OpenSUSE Security Update for qemu (openSUSE-SU-2021:2858-1)
- 751322 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3614-1)
- 751323 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3613-1)
- 751330 OpenSUSE Security Update for qemu (openSUSE-SU-2021:3614-1)
- 751338 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3635-1)
- 900063 CBL-Mariner Linux Security Update for qemu-kvm 4.2.0
- 903594 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (4321)
- 904518 Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (4321-1)