Lucene search

K
cvelistRedhatCVELIST:CVE-2020-35506
HistoryMay 28, 2021 - 10:20 a.m.

CVE-2020-35506

2021-05-2810:20:55
CWE-416
redhat
www.cve.org

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the ‘Information Transfer’ command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.

CNA Affected

[
  {
    "product": "QEMU",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "qemu 6.0.0"
      }
    ]
  }
]

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%