CVE-2020-35505

NameCVE-2020-35505
DescriptionA NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3099-1, ELA-705-1
Debian Bugs984455

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)jessie, jessie (lts)1:2.1+dfsg-12+deb8u23fixed
stretch (security)1:2.8+dfsg-6+deb9u17vulnerable
stretch (lts), stretch1:2.8+dfsg-6+deb9u19fixed
buster (security), buster, buster (lts)1:3.1+dfsg-8+deb10u12fixed
bullseye1:5.2+dfsg-11+deb11u3vulnerable
bullseye (security)1:5.2+dfsg-11+deb11u2vulnerable
bookworm1:7.2+dfsg-7+deb12u7fixed
sid, trixie1:9.1.1+ds-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemusourceexperimental1:6.0+dfsg-1~exp0
qemusourcejessie1:2.1+dfsg-12+deb8u23ELA-705-1
qemusourcestretch1:2.8+dfsg-6+deb9u18ELA-705-1
qemusourcebuster1:3.1+dfsg-8+deb10u9DLA-3099-1
qemusource(unstable)1:6.0+dfsg-3984455

Notes

[bullseye] - qemu <ignored> (Minor issue)
[stretch] - qemu <postponed> (Fix along in future DLA)
https://bugzilla.redhat.com/show_bug.cgi?id=1909769
https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer)
https://git.qemu.org/?p=qemu.git;a=commit;h=0db895361b8a82e1114372ff9f4857abea605701
https://git.qemu.org/?p=qemu.git;a=commit;h=e392255766071c8cac480da3a9ae4f94e56d7cbc
https://git.qemu.org/?p=qemu.git;a=commit;h=e5455b8c1c6170c788f3c0fd577cc3be53539a99
https://git.qemu.org/?p=qemu.git;a=commit;h=c5fef9112b15c4b5494791cdf8bbb40bc1938dd3
https://git.qemu.org/?p=qemu.git;a=commit;h=7b320a8e67a534925048cbabfa51431e0349dafd
https://git.qemu.org/?p=qemu.git;a=commit;h=99545751734035b76bd372c4e7215bb337428d89
https://git.qemu.org/?p=qemu.git;a=commit;h=fa7505c154d4d00ad89a747be2eda556643ce00e
https://git.qemu.org/?p=qemu.git;a=commit;h=fbc6510e3379fa8f8370bf71198f0ce733bf07f9
https://git.qemu.org/?p=qemu.git;a=commit;h=0ebb5fd80589835153a0c2baa1b8cc7a04e67a93
https://git.qemu.org/?p=qemu.git;a=commit;h=324c8809897c8c53ad05c3a7147d272f1711cd5e
https://git.qemu.org/?p=qemu.git;a=commit;h=607206948cacda4a80be5b976dba490970a18a76

Search for package or bug name: Reporting problems