CVE-2020-35505: NULL Pointer Dereference in Qemu

Severity: 4.4 MEDIUM (NVD)
OSV: 2.3
EPSS: 0.1% (top 69.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 28
Latest update: May 24

Description

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 0.8 | Impact: 3.6

Affected Packages (6 packages)

NVD: qemu/qemu < 6.0.0 (+1)
debian: debian/qemu < qemu 1:6.0+dfsg-3 (bookworm)
Debian: qemu/qemu < 1:6.0+dfsg-3 (+2)
Ubuntu: qemu/qemu < 1:2.11+dfsg-1ubuntu7.37 (+1)
CVEListV5: qemu/qemu qemu 6.0.0

Also affects: Debian Linux 10.0

Patches

🔴 Vulnerability Details (3)

GHSA (2022-05-24): GHSA-h3ch-qvjw-gr8j: A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6
OSV (2021-07-15): qemu vulnerabilities
OSV (2021-05-28): CVE-2020-35505: A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6

📋 Vendor Advisories (4)

Ubuntu (2021-07-15): QEMU vulnerabilities
Microsoft (2021-05-11): A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This fl
Red Hat (2020-12-21): QEMU: NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c
Debian (2020): CVE-2020-35505: qemu - A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter ...