1910346 – (CVE-2020-35503) CVE-2020-35503 QEMU: NULL pointer dereference issue in megasas-gen2 host bus adapter

Bug 1910346 (CVE-2020-35503) - CVE-2020-35503 QEMU: NULL pointer dereference issue in megasas-gen2 host bus adapter

Summary: CVE-2020-35503 QEMU: NULL pointer dereference issue in megasas-gen2 host bus ...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2020-35503
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1910366 1910367
Blocks:	1907553
TreeView+	depends on / blocked

Reported:	2020-12-23 14:32 UTC by Mauro Matteo Cascella
Modified:	2021-02-22 18:46 UTC (History)
CC List:	28 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:	2020-12-23 18:27:36 UTC
Embargoed:

Attachments	(Terms of Use)

Description Mauro Matteo Cascella 2020-12-23 14:32:23 UTC

A NULL pointer dereference issue was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU. It could occur in the megasas_command_cancelled() callback function in hw/scsi/megasas.c while dropping a SCSI request. A privileged guest user may exploit this issue to crash the QEMU process on the host, resulting in a denial of service condition.

Comment 1 Mauro Matteo Cascella 2020-12-23 14:32:29 UTC

Acknowledgments:

Name: Cheolwoo Myung

Comment 2 Mauro Matteo Cascella 2020-12-23 15:42:40 UTC

Statement:

This issue does not affect Red Hat Enterprise Linux, Red Hat OpenStack Platform and RHEL Advanced Virtualization, as the `qemu-kvm` package does not include support for the megasas-gen2 host bus adapter emulation.

Comment 3 Mauro Matteo Cascella 2020-12-23 15:43:06 UTC

Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1910366]


Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1910367]

Note You need to log in before you can comment on or make changes to this bug.

berrange
cfergeau
dbecker
itamar
jen
jferlan
jforbes
jjoyce
jmaloy
jschluet
knoel
lhh
lpeer
m.a.young
mburns
mkenneth
mrezanin
mst
ondrejj
pbonzini
philmd
ribarry
rjones
robinlee.sysu
sclewis
slinaber
virt-maint
virt-maint