CVE-2020-35505
N/A
N/A
Summary
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | QEMU | qemu 6.0.0 | affected |
Weaknesses
- CWE-476: CWE-476
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2021/04/16/3
- https://www.openwall.com/lists/oss-security/2021/04/16/3
- https://bugzilla.redhat.com/show_bug.cgi?id=1909769
- https://security.netapp.com/advisory/ntap-20210713-0006/
- https://security.gentoo.org/glsa/202208-27
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
References
- http://www.openwall.com/lists/oss-security/2021/04/16/3
- https://www.openwall.com/lists/oss-security/2021/04/16/3
- https://bugzilla.redhat.com/show_bug.cgi?id=1909769
- https://security.netapp.com/advisory/ntap-20210713-0006/
- https://security.gentoo.org/glsa/202208-27
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.