Published: 28/05/2021 Updated: 31/08/2022

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions prior to 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu

Debian Bug report logs - #984454 CVE-2020-35506 Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 3 Mar 2021 19:27:04 UTC Severity: normal Tags: security, upst ...

A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU It could occur in the esp_do_dma() function in hw/scsi/espc while handling the 'Information Transfer' command (CMD_TI) A privileged guest user may abuse this issue to crash the QEMU process on the host, resulting in a denial of service or potential c ...

oss-sec mailing list archives   By Date By Thread </form>    QEMU: ESP security fixes   From: Mauro Matteo Cascella <mcascell () re ...

CWE-416 http://www.openwall.com/lists/oss-security/2021/04/16/3 https://www.openwall.com/lists/oss-security/2021/04/16/3 https://bugzilla.redhat.com/show_bug.cgi?id=1909996 https://security.netapp.com/advisory/ntap-20210713-0006/https://security.gentoo.org/glsa/202208-27 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984454 https://nvd.nist.gov https://security.archlinux.org/CVE-2020-35506

CVE-2020-35506

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect