CVE-2020-35506 — Use After Free in Qemu

CWE-416 — Use After Free6 documents6 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 91.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Msrc CM1 Qemu-kvm 4.2.0-37 ON CBL Mariner 1.0

Timeline

PublishedMay 28

Latest updateMay 24

Description

A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages5 packages

▶NVDqemu/qemu< 6.0.0

▶debiandebian/qemu< qemu 1:6.0+dfsg-3 (bookworm)

▶Debianqemu/qemu< 1:6.0+dfsg-3+2

▶CVEListV5qemu/qemuqemu 6.0.0

▶msrcmsrc/cm1_qemu-kvm_4.2.0-37_on_cbl_mariner_1.0

🔴Vulnerability Details

GHSA

GHSA-qfjc-pj3q-qmpf: A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6↗2022-05-24

▶

OSV

CVE-2020-35506: A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6↗2021-05-28

▶

📋Vendor Advisories

Microsoft

▶

Red Hat

QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c↗2020-12-22

▶

Debian

CVE-2020-35506: qemu - A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter e...↗2020

▶