CVE-2020-35505: Null Pointer Dereference
First published: Mon Dec 21 2020(Updated: )
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU qemu | <6.0.0 | |
| QEMU qemu | =6.0.0-rc1 | |
| QEMU qemu | =6.0.0-rc2 | |
| Debian Debian Linux | =10.0 | |
| redhat/qemu | <6.0.0 | 6.0.0 |
| debian/qemu | <=1:5.2+dfsg-11+deb11u3<=1:5.2+dfsg-11+deb11u2 | 1:7.2+dfsg-7+deb12u7 1:9.2.0+ds-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2021/04/16/3
- https://bugzilla.redhat.com/show_bug.cgi?id=1909769
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- https://security.gentoo.org/glsa/202208-27
- https://security.netapp.com/advisory/ntap-20210713-0006/
- https://www.openwall.com/lists/oss-security/2021/04/16/3
- https://launchpad.net/bugs/cve/CVE-2020-35505
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1909770
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1909771
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1909769#c0
- https://bugs.launchpad.net/qemu/+bug/1910723
- https://lists.gnu.org/archive/html/qemu-devel/2021-04/msg01000.html
- https://git.qemu.org/?p=qemu.git;a=commit;h=0db895361b8a82e1114372ff9f4857abea605701
- https://git.qemu.org/?p=qemu.git;a=commit;h=e392255766071c8cac480da3a9ae4f94e56d7cbc
- https://git.qemu.org/?p=qemu.git;a=commit;h=e5455b8c1c6170c788f3c0fd577cc3be53539a99
- https://git.qemu.org/?p=qemu.git;a=commit;h=c5fef9112b15c4b5494791cdf8bbb40bc1938dd3
- https://git.qemu.org/?p=qemu.git;a=commit;h=7b320a8e67a534925048cbabfa51431e0349dafd
- https://git.qemu.org/?p=qemu.git;a=commit;h=99545751734035b76bd372c4e7215bb337428d89
- https://git.qemu.org/?p=qemu.git;a=commit;h=fa7505c154d4d00ad89a747be2eda556643ce00e
- https://git.qemu.org/?p=qemu.git;a=commit;h=fbc6510e3379fa8f8370bf71198f0ce733bf07f9
- https://git.qemu.org/?p=qemu.git;a=commit;h=0ebb5fd80589835153a0c2baa1b8cc7a04e67a93
- https://git.qemu.org/?p=qemu.git;a=commit;h=324c8809897c8c53ad05c3a7147d272f1711cd5e
- https://git.qemu.org/?p=qemu.git;a=commit;h=607206948cacda4a80be5b976dba490970a18a76
- https://security-tracker.debian.org/tracker/CVE-2020-35505
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35505
- https://nvd.nist.gov/vuln/detail/CVE-2020-35505
- https://ubuntu.com/security/CVE-2020-35505
Frequently Asked Questions
What is CVE-2020-35505?
CVE-2020-35505 is a NULL pointer dereference flaw found in the am53c974 SCSI host bus adapter emulation of QEMU.
What is the severity of CVE-2020-35505?
CVE-2020-35505 has a severity rating of 4.4 (medium).
How does CVE-2020-35505 impact QEMU?
CVE-2020-35505 allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.
Which versions of QEMU are affected by CVE-2020-35505?
Versions before 6.0.0 of QEMU are affected by CVE-2020-35505.
How can I mitigate CVE-2020-35505?
To mitigate CVE-2020-35505, update QEMU to version 6.0.0 or later.
- collector/nvd-index
- agent/type
- agent/author
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-35505
- agent/software-canonical-lookup
- agent/severity
- collector/nvd-cve
- source/NVD
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/qemu
- canonical/qemu qemu
- version/qemu qemu/6.0.0-rc1
- version/qemu qemu/6.0.0-rc2
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- package-manager/redhat
- package-manager/debian