CVE-2020-35504

Published: 28 May 2021

A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Priority

Low

CVSS 3 base score: 6.0

Status

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35504
• https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg06550.html
• https://lists.gnu.org/archive/html/qemu-devel/2021-04/msg01000.html
• https://ubuntu.com/security/notices/USN-5010-1
• NVD
• Launchpad
• Debian

Bugs

• https://bugzilla.redhat.com/show_bug.cgi?id=1909766
• https://bugs.launchpad.net/qemu/+bug/1910723