Bug 1180433 (CVE-2020-35504)

Summary: VUL-0: CVE-2020-35504: kvm,xen,qemu: NULL pointer dereference in scsi_req_continue() in hw/scsi/scsi-bus.c
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: jose.ziviani, smash_bz, thomas.leroy
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/274105/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-35504:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexander Bergmann 2020-12-29 12:37:45 UTC
rh#1909766

A NULL pointer dereference issue was found in the SCSI emulation support of QEMU. It could occur in the scsi_req_continue() function in hw/scsi/scsi-bus.c while handling the 'Information Transfer' command (CMD_TI) of the am53c974 SCSI host bus adapter. A privileged guest user may abuse this issue to crash the QEMU process on the host, resulting in a denial of service condition.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1909766
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35504
Comment 5 Swamp Workflow Management 2021-08-20 13:38:48 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2789-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    qemu-4.2.1-11.28.1
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    qemu-4.2.1-11.28.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    qemu-4.2.1-11.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2021-08-20 13:43:09 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:2789-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-4.2.1-11.28.1
Comment 7 Swamp Workflow Management 2021-08-23 13:32:16 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2813-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    qemu-3.1.1.1-57.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2021-08-26 19:16:41 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:1202-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611,CVE-2021-3682
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    qemu-4.2.1-lp152.9.20.1, qemu-linux-user-4.2.1-lp152.9.20.1, qemu-testsuite-4.2.1-lp152.9.20.1
Comment 9 Swamp Workflow Management 2021-08-27 13:22:50 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2858-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1188299,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    qemu-5.2.0-103.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    qemu-5.2.0-103.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2021-08-27 13:24:47 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:2858-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1188299,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-5.2.0-103.2
Comment 15 Swamp Workflow Management 2021-10-28 19:17:30 UTC
SUSE-SU-2021:3575-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    qemu-2.6.2-41.73.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2021-11-04 17:23:35 UTC
openSUSE-SU-2021:3614-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-3.1.1.1-80.40.1
Comment 17 Swamp Workflow Management 2021-11-04 17:25:56 UTC
SUSE-SU-2021:3614-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    qemu-3.1.1.1-80.40.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    qemu-3.1.1.1-80.40.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    qemu-3.1.1.1-80.40.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    qemu-3.1.1.1-80.40.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    qemu-3.1.1.1-80.40.1
SUSE Enterprise Storage 6 (src):    qemu-3.1.1.1-80.40.1
SUSE CaaS Platform 4.0 (src):    qemu-3.1.1.1-80.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2021-11-04 17:31:19 UTC
SUSE-SU-2021:3613-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    qemu-2.11.2-70.59.1
SUSE Linux Enterprise Server 15-LTSS (src):    qemu-2.11.2-70.59.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    qemu-2.11.2-70.59.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    qemu-2.11.2-70.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2021-11-09 14:18:07 UTC
SUSE-SU-2021:3635-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    qemu-2.11.2-5.40.2
SUSE OpenStack Cloud 9 (src):    qemu-2.11.2-5.40.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    qemu-2.11.2-5.40.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    qemu-2.11.2-5.40.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Thomas Leroy 2022-06-23 07:50:47 UTC
kvm and xen codestreams don't have the vulnerable code, so I believe all fixed. Closing