Vulnerabilities > CVE-2020-35503

CVSS 6.0 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

qemu

fedoraproject

NVD

Published: 2021-06-02

Updated: 2024-11-21

Summary

A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Vulnerable Configurations

Part	Description	Count
Application	Qemu Qemu Qemu 6.0.0 Qemu Qemu 6.1.0 Qemu Qemu 6.1.50 Qemu Qemu 6.2.0 Qemu Qemu 6.2.0-7 Qemu Qemu 07-20-2020 Qemu Qemu 7.0.0 Qemu Qemu 7.1.0 Qemu Qemu 7.2.0 Qemu Qemu 7.2.1 Qemu Qemu 7.2.2 Qemu Qemu 7.2.3 Qemu Qemu 8.0.0 Qemu Qemu 8.0.1 Qemu Qemu 8.0.2 Qemu Qemu 8.0.3 Qemu Qemu 8.0.4 Qemu Qemu 8.0.5 Qemu Qemu 8.1.0 Qemu Qemu 8.1.1 Qemu Qemu 8.1.2 Qemu Qemu 8.2.0 Qemu Qemu 8.2.1 Qemu Qemu 9.0.0 Qemu Qemu 2021-05-05	67
OS	Fedoraproject Fedoraproject Fedora 33	1

Vulnerabilities > CVE-2020-35503 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2020-35503"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2020-35503