CVE-2020-35506

NameCVE-2020-35506
DescriptionA use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs984454

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)jessie, jessie (lts)1:2.1+dfsg-12+deb8u23fixed
stretch (security)1:2.8+dfsg-6+deb9u17fixed
stretch (lts), stretch1:2.8+dfsg-6+deb9u19fixed
buster1:3.1+dfsg-8+deb10u8fixed
buster (security)1:3.1+dfsg-8+deb10u12fixed
bullseye1:5.2+dfsg-11+deb11u3vulnerable
bullseye (security)1:5.2+dfsg-11+deb11u2vulnerable
bookworm1:7.2+dfsg-7+deb12u5fixed
trixie1:8.2.1+ds-2fixed
sid1:8.2.2+ds-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemusourceexperimental1:6.0+dfsg-1~exp0
qemusourcejessie(not affected)
qemusourcestretch(not affected)
qemusourcebuster(not affected)
qemusource(unstable)1:6.0+dfsg-3984454

Notes

[bullseye] - qemu <ignored> (Minor issue)
[buster] - qemu <not-affected> (Vulnerable code not present, FIFO support added later)
[stretch] - qemu <not-affected> (Vulnerable code not present, FIFO support added later)
https://bugzilla.redhat.com/show_bug.cgi?id=1909996
https://bugs.launchpad.net/qemu/+bug/1909247
[jessie] - qemu <not-affected> (Vulnerable code not present, FIFO support added later)
Search for package or bug name: Reporting problems