CVE-2020-35503
https://notcve.org/view.php?id=CVE-2020-35503
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
https://bugzilla.redhat.com/show_bug.cgi?id=1910346
https://security.netapp.com/advisory/ntap-20210720-0008
CWE-476: NULL Pointer Dereference
CVE-2020-35506
https://notcve.org/view.php?id=CVE-2020-35506
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
http://www.openwall.com/lists/oss-security/2021/04/16/3
https://bugzilla.redhat.com/show_bug.cgi?id=1909996
https://security.gentoo.org/glsa/202208-27
https://security.netapp.com/advisory/ntap-20210713-0006
https://www.openwall.com/lists/oss-security/2021/04/16/3
CWE-416: Use After Free
CVE-2020-35505
https://notcve.org/view.php?id=CVE-2020-35505
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
http://www.openwall.com/lists/oss-security/2021/04/16/3
https://bugzilla.redhat.com/show_bug.cgi?id=1909769
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://security.gentoo.org/glsa/202208-27
https://security.netapp.com/advisory/ntap-20210713-0006
https://www.openwall.com/lists/oss-security/2021/04/16/3
CWE-476: NULL Pointer Dereference
CVE-2020-35504
https://notcve.org/view.php?id=CVE-2020-35504
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
http://www.openwall.com/lists/oss-security/2021/04/16/3
https://bugzilla.redhat.com/show_bug.cgi?id=1909766
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://security.gentoo.org/glsa/202208-27
https://security.netapp.com/advisory/ntap-20210713-0006
https://www.openwall.com/lists/oss-security/2021/04/16/3
CWE-476: NULL Pointer Dereference
CVE-2021-3527
https://notcve.org/view.php?id=CVE-2021-3527
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request to reduce overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable-length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
https://bugzilla.redhat.com/show_bug.cgi?id=1955695
https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c
https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
https://security.gentoo.org/glsa/202208-27
https://security.netapp.com/advisory/ntap-20210708-0008
https://www.openwall.com/lists/oss-security/
CWE-770: Allocation of Resources Without Limits or Throttling