CVE-2020-35506

Published: 28 May 2021

A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.

Notes

Author: mdeslaur
Note:
same commits as CVE-2020-35504
qemu in hirsute and older doesn't implement FIFO, it doesn't appear to be vulnerable to this specific CVE

Priority

Low

Cvss 3 Severity Score

6.7

Score breakdown

Status

Package Release Status

qemu
Launchpad, Ubuntu, Debian
impish Released (1:6.0+dfsg-1~ubuntu3)
jammy Released (1:6.0+dfsg-1~ubuntu3)
upstream Needs triage
xenial Not vulnerable (code not present)
bionic Not vulnerable (code not present)
focal Not vulnerable (code not present)
groovy Not vulnerable (code not present)
hirsute Not vulnerable (code not present)
trusty Not vulnerable (code not present)

Patches:
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=0db895361b8a82e1114372ff9f48
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=e392255766071c8cac480da3a9ae
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=e5455b8c1c6170c788f3c0fd577c
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=c5fef9112b15c4b5494791cdf8bb
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=7b320a8e67a534925048cbabfa51 (main)
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=99545751734035b76bd372c4e721
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=fa7505c154d4d00ad89a747be2ed (main)
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=fbc6510e3379fa8f8370bf71198f (main)
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=0ebb5fd80589835153a0c2baa1b8
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=324c8809897c8c53ad05c3a7147d
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=607206948cacda4a80be5b976dba

qemu-kvm
Launchpad, Ubuntu, Debian
bionic Does not exist
focal Does not exist
groovy Does not exist
hirsute Does not exist
impish Does not exist
jammy Does not exist
trusty Does not exist
upstream Needs triage
xenial Does not exist

Severity score breakdown

Parameter Value
Base score 6.7
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H