Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-35505

Опубликовано: 28 мая 2021
Источник: nvd
CVSS3: 4.4
CVSS2: 2.1
EPSS Низкий

Описание

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Версия до 6.0.0 (исключая)
cpe:2.3:a:qemu:qemu:6.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:6.0.0:rc2:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 3%
0.00017
Низкий

4.4 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-476
CWE-476

Связанные уязвимости

ubuntu логотип

CVE-2020-35505

CVSS3: 4.4
ubuntu
больше 4 лет назад

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

redhat логотип

CVE-2020-35505

CVSS3: 3.2
redhat
около 5 лет назад

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

msrc логотип

CVE-2020-35505

CVSS3: 4.4
msrc
больше 4 лет назад

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host resulting in a denial of service. The highest threat from this vulnerability is to system availability.

debian логотип

CVE-2020-35505

CVSS3: 4.4
debian
больше 4 лет назад

A NULL pointer dereference flaw was found in the am53c974 SCSI host bu ...

github логотип

GHSA-h3ch-qvjw-gr8j

CVSS3: 4.4
github
больше 3 лет назад

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

EPSS

Процентиль: 3%
0.00017
Низкий

4.4 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-476
CWE-476