Vulnerabilities > CVE-2020-35503 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
local
low complexity
qemu
fedoraproject
CWE-476

Summary

A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Vulnerable Configurations

Part Description Count
Application
Qemu
347
OS
Fedoraproject
1

Common Weakness Enumeration (CWE)