{"api_version":"1","generated_at":"2026-04-23T05:05:22+00:00","cve":"CVE-2020-35505","urls":{"html":"https://cve.report/CVE-2020-35505","api":"https://cve.report/api/cve/CVE-2020-35505.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-35505","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-35505"},"summary":{"title":"CVE-2020-35505","description":"A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-05-28 11:15:00","updated_at":"2022-09-22 21:03:00"},"problem_types":["CWE-476"],"metrics":[],"references":[{"url":"https://www.openwall.com/lists/oss-security/2021/04/16/3","name":"https://www.openwall.com/lists/oss-security/2021/04/16/3","refsource":"MISC","tags":[],"title":"oss-security - QEMU: ESP security fixes","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909769","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1909769","refsource":"MISC","tags":[],"title":"1909769 – (CVE-2020-35505) CVE-2020-35505 QEMU: NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2021/04/16/3","name":"[oss-security] 20210416 QEMU: ESP security fixes","refsource":"MLIST","tags":[],"title":"oss-security - QEMU: ESP security fixes","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html","name":"[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3099-1] qemu security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20210713-0006/","name":"https://security.netapp.com/advisory/ntap-20210713-0006/","refsource":"CONFIRM","tags":[],"title":"May 2021 QEMU Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202208-27","name":"GLSA-202208-27","refsource":"GENTOO","tags":[],"title":"QEMU: Multiple Vulnerabilities (GLSA 202208-27) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-35505","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35505","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"35505","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"35505","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"35505","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"6.0.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"35505","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"6.0.0","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"35505","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"qemu","cpe5":"qemu","cpe6":"6.0.0","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-35505","qid":"180995","title":"Debian Security Update for qemu (DLA 3099-1)"},{"cve":"CVE-2020-35505","qid":"198432","title":"Ubuntu Security Notification for QEMU vulnerabilities (USN-5010-1)"},{"cve":"CVE-2020-35505","qid":"502355","title":"Alpine Linux Security Update for qemu"},{"cve":"CVE-2020-35505","qid":"671198","title":"EulerOS Security Update for qemu (EulerOS-SA-2022-1034)"},{"cve":"CVE-2020-35505","qid":"671203","title":"EulerOS Security Update for qemu (EulerOS-SA-2022-1014)"},{"cve":"CVE-2020-35505","qid":"710604","title":"Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 202208-27)"},{"cve":"CVE-2020-35505","qid":"750995","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:2813-1)"},{"cve":"CVE-2020-35505","qid":"751013","title":"OpenSUSE Security Update for qemu (openSUSE-SU-2021:2789-1)"},{"cve":"CVE-2020-35505","qid":"751053","title":"OpenSUSE Security Update for qemu (openSUSE-SU-2021:1202-1)"},{"cve":"CVE-2020-35505","qid":"751068","title":"OpenSUSE Security Update for qemu (openSUSE-SU-2021:2858-1)"},{"cve":"CVE-2020-35505","qid":"751322","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3614-1)"},{"cve":"CVE-2020-35505","qid":"751323","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3613-1)"},{"cve":"CVE-2020-35505","qid":"751330","title":"OpenSUSE Security Update for qemu (openSUSE-SU-2021:3614-1)"},{"cve":"CVE-2020-35505","qid":"751338","title":"SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2021:3635-1)"},{"cve":"CVE-2020-35505","qid":"900063","title":"CBL-Mariner Linux Security Update for qemu-kvm 4.2.0"},{"cve":"CVE-2020-35505","qid":"903594","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (4321)"},{"cve":"CVE-2020-35505","qid":"904518","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (4321-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-35505","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"QEMU","version":{"version_data":[{"version_value":"qemu 6.0.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-476"}]}]},"references":{"reference_data":[{"refsource":"MLIST","name":"[oss-security] 20210416 QEMU: ESP security fixes","url":"http://www.openwall.com/lists/oss-security/2021/04/16/3"},{"refsource":"MISC","name":"https://www.openwall.com/lists/oss-security/2021/04/16/3","url":"https://www.openwall.com/lists/oss-security/2021/04/16/3"},{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1909769","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909769"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210713-0006/","url":"https://security.netapp.com/advisory/ntap-20210713-0006/"},{"refsource":"GENTOO","name":"GLSA-202208-27","url":"https://security.gentoo.org/glsa/202208-27"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"}]},"description":{"description_data":[{"lang":"eng","value":"A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."}]}},"nvd":{"publishedDate":"2021-05-28 11:15:00","lastModifiedDate":"2022-09-22 21:03:00","problem_types":["CWE-476"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":4.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qemu:qemu:6.0.0:rc2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:qemu:qemu:6.0.0:rc1:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"35505","Ordinal":"194180","Title":"CVE-2020-35505","CVE":"CVE-2020-35505","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"35505","Ordinal":"1","NoteData":"A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"35505","Ordinal":"2","NoteData":"2021-05-28","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"35505","Ordinal":"3","NoteData":"2021-07-13","Type":"Other","Title":"Modified"}]}}}