Unrated severityNVD Advisory· Published May 28, 2021· Updated Aug 4, 2024
CVE-2020-35505
CVE-2020-35505
Description
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
28- osv-coords26 versionspkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/qemu-testsuite&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/qemu&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/qemu&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 4.2.1-lp152.9.20.1+ 25 more
- (no CPE)range: < 4.2.1-lp152.9.20.1
- (no CPE)range: < 4.2.1-11.28.1
- (no CPE)range: < 4.2.1-lp152.9.20.1
- (no CPE)range: < 4.2.1-lp152.9.20.1
- (no CPE)range: < 3.1.1.1-80.40.1
- (no CPE)range: < 3.1.1.1-80.40.1
- (no CPE)range: < 3.1.1.1-80.40.1
- (no CPE)range: < 2.11.2-70.59.1
- (no CPE)range: < 2.11.2-70.59.1
- (no CPE)range: < 4.2.1-11.28.1
- (no CPE)range: < 4.2.1-11.28.1
- (no CPE)range: < 5.2.0-103.2
- (no CPE)range: < 4.2.1-11.28.1
- (no CPE)range: < 5.2.0-103.2
- (no CPE)range: < 2.6.2-41.73.1
- (no CPE)range: < 2.11.2-5.40.2
- (no CPE)range: < 3.1.1.1-57.2
- (no CPE)range: < 3.1.1.1-80.40.1
- (no CPE)range: < 3.1.1.1-80.40.1
- (no CPE)range: < 2.11.2-70.59.1
- (no CPE)range: < 2.11.2-5.40.2
- (no CPE)range: < 3.1.1.1-57.2
- (no CPE)range: < 2.11.2-70.59.1
- (no CPE)range: < 3.1.1.1-80.40.1
- (no CPE)range: < 2.11.2-5.40.2
- (no CPE)range: < 2.11.2-5.40.2
Patches
Vulnerability mechanics
References
6- security.gentoo.org/glsa/202208-27mitrevendor-advisoryx_refsource_GENTOO
- www.openwall.com/lists/oss-security/2021/04/16/3mitremailing-listx_refsource_MLIST
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2022/09/msg00008.htmlmitremailing-listx_refsource_MLIST
- security.netapp.com/advisory/ntap-20210713-0006/mitrex_refsource_CONFIRM
- www.openwall.com/lists/oss-security/2021/04/16/3mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.