CVE-2020-35504

CVE-2020-35504

Name

CVE-2020-35504

Description

A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MLIST	http://www.openwall.com/lists/oss-security/2021/04/16/3
MISC	https://www.openwall.com/lists/oss-security/2021/04/16/3
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=1909766
CONFIRM	https://security.netapp.com/advisory/ntap-20210713-0006/

Type

URI

MLIST

http://www.openwall.com/lists/oss-security/2021/04/16/3

MISC

https://www.openwall.com/lists/oss-security/2021/04/16/3

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1909766

CONFIRM

https://security.netapp.com/advisory/ntap-20210713-0006/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:qemu:qemu::::::::`	qemu	>= None	< 6.0.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

qemu

>= None

< 6.0.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
qemu	3.13-community	5.2.0-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
qemu	3.10-main	4.0.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

qemu

3.13-community

5.2.0-r3

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

qemu

3.10-main

4.0.1-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

References

Match rules

Vulnerable and fixed packages