CVE-2020-35505
Published: 28 May 2021
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Notes
Author | Note |
---|---|
mdeslaur | same commits as CVE-2020-35504 |
Priority
Status
Package | Release | Status |
---|---|---|
qemu Launchpad, Ubuntu, Debian |
bionic |
Released
(1:2.11+dfsg-1ubuntu7.37)
|
focal |
Released
(1:4.2-3ubuntu6.17)
|
|
groovy |
Released
(1:5.0-5ubuntu9.9)
|
|
hirsute |
Released
(1:5.2+dfsg-9ubuntu3.1)
|
|
impish |
Released
(1:6.0+dfsg-1~ubuntu3)
|
|
jammy |
Released
(1:6.0+dfsg-1~ubuntu3)
|
|
kinetic |
Released
(1:6.0+dfsg-1~ubuntu3)
|
|
lunar |
Released
(1:6.0+dfsg-1~ubuntu3)
|
|
mantic |
Released
(1:6.0+dfsg-1~ubuntu3)
|
|
noble |
Released
(1:6.0+dfsg-1~ubuntu3)
|
|
trusty |
Needed
|
|
upstream |
Needs triage
|
|
xenial |
Needed
|
|
Patches: upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=0db895361b8a82e1114372ff9f48 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=e392255766071c8cac480da3a9ae upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=e5455b8c1c6170c788f3c0fd577c upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=c5fef9112b15c4b5494791cdf8bb upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=7b320a8e67a534925048cbabfa51 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=99545751734035b76bd372c4e721 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=fa7505c154d4d00ad89a747be2ed upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=fbc6510e3379fa8f8370bf71198f upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=0ebb5fd80589835153a0c2baa1b8 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=324c8809897c8c53ad05c3a7147d upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=607206948cacda4a80be5b976dba |
||
qemu-kvm Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.4 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | High |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |