Unrated severityNVD Advisory· Published May 28, 2021· Updated Aug 4, 2024

CVE-2020-35505

Description

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Affected products

N/A/Qemuv5
Range: qemu 6.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202208-27mitrevendor-advisoryx_refsource_GENTOO
www.openwall.com/lists/oss-security/2021/04/16/3mitremailing-listx_refsource_MLIST
bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2022/09/msg00008.htmlmitremailing-listx_refsource_MLIST
security.netapp.com/advisory/ntap-20210713-0006/mitrex_refsource_CONFIRM
www.openwall.com/lists/oss-security/2021/04/16/3mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000