
CVE-2020-35504

Published: 28 May 2021
Source: debian
EPSS Low

Description

A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| qemu | fixed | 1:6.0+dfsg-1~exp0 | experimental | package |
| qemu | fixed | 1:6.0+dfsg-3 | | package |
| qemu | ignored | | bullseye | package |
| qemu | postponed | | stretch | package |

Notes

  • https://bugzilla.redhat.com/show_bug.cgi?id=1909766

  • https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer)

  • https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html

  • https://git.qemu.org/?p=qemu.git;a=commit;h=0db895361b8a82e1114372ff9f48

  • https://git.qemu.org/?p=qemu.git;a=commit;h=e392255766071c8cac480da3a9ae

  • https://git.qemu.org/?p=qemu.git;a=commit;h=e5455b8c1c6170c788f3c0fd577c

  • https://git.qemu.org/?p=qemu.git;a=commit;h=c5fef9112b15c4b5494791cdf8bb

  • https://git.qemu.org/?p=qemu.git;a=commit;h=7b320a8e67a534925048cbabfa51

  • https://git.qemu.org/?p=qemu.git;a=commit;h=99545751734035b76bd372c4e721

  • https://git.qemu.org/?p=qemu.git;a=commit;h=fa7505c154d4d00ad89a747be2ed

  • https://git.qemu.org/?p=qemu.git;a=commit;h=fbc6510e3379fa8f8370bf71198f

  • https://git.qemu.org/?p=qemu.git;a=commit;h=0ebb5fd80589835153a0c2baa1b8

  • https://git.qemu.org/?p=qemu.git;a=commit;h=324c8809897c8c53ad05c3a7147d

  • https://git.qemu.org/?p=qemu.git;a=commit;h=607206948cacda4a80be5b976dba

EPSS

Percentile: 2%
0.00015
Low

Related vulnerabilities

CVSS3: 6
ubuntu
more than 4 years ago


CVSS3: 3.2
redhat
about 5 years ago


CVSS3: 6
nvd
more than 4 years ago


CVSS3: 6
msrc
4 months ago


CVSS3: 6
github
more than 3 years ago

