Vulnerability CVE-2020-35505

Vulnerability Name:

CVE-2020-35505 (CCN-200169)

Assigned:

2020-12-21

Published:

2020-12-21

Updated:

2022-09-22

Summary:

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CVSS v3 Severity:

4.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
3.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

3.2 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L)
2.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-476
CWE-476

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-35505

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20210416 QEMU: ESP security fixes

Source: CCN
Type: Red Hat Bugzilla Bug 1909769
(CVE-2020-35505) - CVE-2020-35505 QEMU: NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1909769

Source: XF
Type: UNKNOWN
qemu-cve202035505-dos(200169)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update

Source: CCN
Type: qemu-devel Web site
[PATCH v4 for-6.0 00/12] esp: fix asserts/segfaults discovered by fuzzer

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-27

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210713-0006/

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/04/16/3

Source: CCN
Type: QEMU Web site
QEMU

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-35505

Vulnerable Configuration:

Configuration 1:

cpe:/a:qemu:qemu:*:*:*:*:*:*:*:* (Version < 6.0.0)

OR cpe:/a:qemu:qemu:6.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:qemu:qemu:6.0.0:rc1:*:*:*:*:*:*

Configuration 2:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:qemu:qemu:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8048	P	osc-0.182.0-150100.3.32.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7981	P	vorbis-tools-1.4.0-1.53 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51978	P	Security update for vim (Important)	2022-12-28
oval:org.opensuse.security:def:764	P	Security update for the Linux Kernel (Important)	2022-09-16
oval:org.opensuse.security:def:6137	P	Security update for cifs-utils (Moderate)	2022-08-12
oval:org.opensuse.security:def:3665	P	Security update for harfbuzz (Important)	2022-08-04
oval:org.opensuse.security:def:95428	P	Security update for MozillaThunderbird (Important) (in QA)	2022-08-01
oval:org.opensuse.security:def:95355	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) (Important)	2022-07-21
oval:org.opensuse.security:def:93144	P	(Important)	2022-07-06
oval:org.opensuse.security:def:3468	P	cyrus-sasl-2.1.26-8.7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94580	P	hplip-devel-3.21.10-150400.1.9 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:93297	P	(Important)	2022-05-17
oval:org.opensuse.security:def:102141	P	Security update for python2-numpy (Moderate)	2022-03-31
oval:org.opensuse.security:def:99757	P	(Important)	2022-03-07
oval:org.opensuse.security:def:100068	P	(Important)	2022-01-25
oval:org.opensuse.security:def:6155	P	Security update for libvirt (Important)	2022-01-05
oval:org.opensuse.security:def:99164	P	(Moderate)	2021-12-03
oval:org.opensuse.security:def:88530	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:23990	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:127187	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:89214	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:33736	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:59559	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:89472	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:125623	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:33994	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:59817	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:88213	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:126790	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:106248	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92608	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:8858	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:69749	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:5880	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:66969	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:105659	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:9808	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92019	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:106447	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92807	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:9053	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:69948	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:99359	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:108807	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:105854	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:10170	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92214	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:106734	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92991	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:9416	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:70310	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:99558	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:76374	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:106049	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:10359	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:92409	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:8669	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:69556	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:98969	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:76037	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:111773	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:9609	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:70499	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:6217	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:67306	P	Security update for qemu (Important)	2021-11-04
oval:org.opensuse.security:def:83467	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:29438	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:55261	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:30140	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:55963	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:82645	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:30260	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:56083	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:83347	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:102068	P	Security update for apache2 (Important)	2021-10-26
oval:org.opensuse.security:def:33001	P	Security update for qemu (Moderate)	2021-09-09
oval:org.opensuse.security:def:58824	P	Security update for qemu (Moderate)	2021-09-09
oval:org.opensuse.security:def:87465	P	Security update for qemu (Moderate)	2021-09-09
oval:org.opensuse.security:def:73876	P	Security update for qemu (Moderate)	2021-08-27
oval:org.opensuse.security:def:76312	P	Security update for qemu (Moderate)	2021-08-27
oval:org.opensuse.security:def:1625	P	Security update for qemu (Moderate)	2021-08-27
oval:org.opensuse.security:def:69137	P	Security update for qemu (Moderate)	2021-08-27
oval:org.opensuse.security:def:64754	P	Security update for qemu (Moderate)	2021-08-27
oval:org.opensuse.security:def:111691	P	Security update for qemu (Moderate)	2021-08-27
oval:org.opensuse.security:def:101495	P	Security update for qemu (Moderate)	2021-08-27
oval:org.opensuse.security:def:67244	P	Security update for qemu (Moderate)	2021-08-27
oval:org.opensuse.security:def:102201	P	Security update for qemu (Moderate)	2021-08-27
oval:org.opensuse.security:def:111033	P	Security update for qemu (Important)	2021-08-26
oval:org.opensuse.security:def:34514	P	Security update for qemu (Moderate)	2021-08-23
oval:org.opensuse.security:def:60337	P	Security update for qemu (Moderate)	2021-08-23
oval:org.opensuse.security:def:73679	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:117473	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:108734	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:76294	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:69070	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:64557	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:96062	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:118514	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:111672	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:102752	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:67226	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:101293	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:75964	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:109418	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:42111	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:5807	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:66896	P	Security update for qemu (Moderate)	2021-08-20
oval:org.opensuse.security:def:107959	P	Security update for qemu (Moderate)	2021-08-20

BACK