CVE 2020-35506
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
Related bugs and status
CVE-2020-35506 (Candidate) is related to these bugs:
Bug #1909247: QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1909247 | QEMU: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c | QEMU | Undecided | Fix Released | ||
Bug #1932175: [21.10 FEAT] CPU Model for new IBM Z Hardware - qemu part
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1932175 | [21.10 FEAT] CPU Model for new IBM Z Hardware - qemu part | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1932175 | [21.10 FEAT] CPU Model for new IBM Z Hardware - qemu part | Ubuntu on IBM z Systems | High | Fix Released | ||
Bug #1936894: microvm is not the default type for qemu-system-x86_64-microvm >=qemu5.2
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1936894 | microvm is not the default type for qemu-system-x86_64-microvm >=qemu5.2 | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1936894 | microvm is not the default type for qemu-system-x86_64-microvm >=qemu5.2 | qemu (Ubuntu Hirsute) | Undecided | Fix Released | ||
Bug #1940029: Default of fcf-protection should only be enabled where it can work
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1940029 | Default of fcf-protection should only be enabled where it can work | gcc-11 (Ubuntu) | Undecided | Fix Released | ||
| 1940029 | Default of fcf-protection should only be enabled where it can work | qemu (Ubuntu) | High | Fix Released | ||
| 1940029 | Default of fcf-protection should only be enabled where it can work | gcc-12 (Ubuntu) | Undecided | Fix Released | ||
| 1940029 | Default of fcf-protection should only be enabled where it can work | gcc-10 (Ubuntu) | Undecided | Fix Released | ||
| 1940029 | Default of fcf-protection should only be enabled where it can work | gcc-12 (Ubuntu Jammy) | Undecided | Fix Released | ||
| 1940029 | Default of fcf-protection should only be enabled where it can work | gcc-10 (Ubuntu Focal) | Undecided | Fix Released | ||
Bug #1940288: migration broken by audio dev
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1940288 | migration broken by audio dev | qemu (Ubuntu) | Low | Fix Released | ||
| 1940288 | migration broken by audio dev | qemu (Ubuntu Focal) | Wishlist | Won't Fix | ||
| 1940288 | migration broken by audio dev | qemu (Ubuntu Hirsute) | Wishlist | Won't Fix | ||
| 1940288 | migration broken by audio dev | qemu (Ubuntu Impish) | Low | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
