Vulnerabilities > CVE-2020-35506 - Unspecified vulnerability in Qemu

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

qemu

NVD

Published: 2021-05-28

Updated: 2024-11-21

Summary

A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.

Vulnerable Configurations

Part	Description	Count
Application	Qemu Qemu Qemu 6.0.0 Qemu Qemu 6.1.0 Qemu Qemu 6.1.50 Qemu Qemu 6.2.0 Qemu Qemu 6.2.0-7 Qemu Qemu 07-20-2020 Qemu Qemu 7.0.0 Qemu Qemu 7.1.0 Qemu Qemu 7.2.0 Qemu Qemu 7.2.1 Qemu Qemu 7.2.2 Qemu Qemu 7.2.3 Qemu Qemu 8.0.0 Qemu Qemu 8.0.1 Qemu Qemu 8.0.2 Qemu Qemu 8.0.3 Qemu Qemu 8.0.4 Qemu Qemu 8.0.5 Qemu Qemu 8.1.0 Qemu Qemu 8.1.1 Qemu Qemu 8.1.2 Qemu Qemu 8.2.0 Qemu Qemu 8.2.1 Qemu Qemu 9.0.0 Qemu Qemu 2021-05-05	67

Summary

Vulnerable Configurations

References