DEBIAN-CVE-2020-35505

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2020-35505

Downstream

DLA-3099-1

Published: 28 May 2021, 11:15

Last modified:28 Apr 2026, 20:18

Vulnerability Summary

Overall Risk (default)

low

18/100

CVSS Score

4.4 MEDIUM

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

28 May 2021, 11:15

Published

Vulnerability first disclosed

28 Apr 2026, 20:18

Last Modified

Vulnerability information updated

Description

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CVSS Metrics

v3.1•MEDIUM•Score: 4.4CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Systems

debian•qemu
all | < 1:6.0+dfsg-3 | < 1:6.0+dfsg-3 | < 1:6.0+dfsg-3

References (1)

https://security-tracker.debian.org/tracker/CVE-2020-35505