Bug 1180435 - (CVE-2020-35506) VUL-0: CVE-2020-35506: kvm,qemu,xen: use after free vulnerability in esp_do_dma() in hw/scsi/esp.c
(CVE-2020-35506)
VUL-0: CVE-2020-35506: kvm,qemu,xen: use after free vulnerability in esp_do_d...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/274106/
CVSSv3.1:SUSE:CVE-2020-35506:5.6:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-12-29 12:37 UTC by Alexander Bergmann
Modified: 2022-09-16 12:33 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2020-12-29 12:37:51 UTC
rh#1909996

A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU. It could occur in the esp_do_dma() function in hw/scsi/esp.c while handling the 'Information Transfer' command (CMD_TI). A privileged guest user may abuse this issue to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1909996
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506
Comment 5 Swamp Workflow Management 2021-08-20 13:39:02 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2789-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    qemu-4.2.1-11.28.1
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    qemu-4.2.1-11.28.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    qemu-4.2.1-11.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2021-08-20 13:43:22 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:2789-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-4.2.1-11.28.1
Comment 7 Swamp Workflow Management 2021-08-23 13:32:31 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2813-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    qemu-3.1.1.1-57.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2021-08-26 19:16:54 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:1202-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611,CVE-2021-3682
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    qemu-4.2.1-lp152.9.20.1, qemu-linux-user-4.2.1-lp152.9.20.1, qemu-testsuite-4.2.1-lp152.9.20.1
Comment 9 Swamp Workflow Management 2021-08-27 13:23:03 UTC
# maintenance_jira_update_notice
SUSE-SU-2021:2858-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1188299,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    qemu-5.2.0-103.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    qemu-5.2.0-103.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2021-08-27 13:25:00 UTC
# maintenance_jira_update_notice
openSUSE-SU-2021:2858-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1188299,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-5.2.0-103.2
Comment 15 Swamp Workflow Management 2021-10-28 19:17:41 UTC
SUSE-SU-2021:3575-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    qemu-2.6.2-41.73.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2021-11-04 17:23:48 UTC
openSUSE-SU-2021:3614-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-3.1.1.1-80.40.1
Comment 17 Swamp Workflow Management 2021-11-04 17:26:11 UTC
SUSE-SU-2021:3614-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    qemu-3.1.1.1-80.40.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    qemu-3.1.1.1-80.40.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    qemu-3.1.1.1-80.40.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    qemu-3.1.1.1-80.40.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    qemu-3.1.1.1-80.40.1
SUSE Enterprise Storage 6 (src):    qemu-3.1.1.1-80.40.1
SUSE CaaS Platform 4.0 (src):    qemu-3.1.1.1-80.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2021-11-04 17:31:33 UTC
SUSE-SU-2021:3613-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    qemu-2.11.2-70.59.1
SUSE Linux Enterprise Server 15-LTSS (src):    qemu-2.11.2-70.59.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    qemu-2.11.2-70.59.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    qemu-2.11.2-70.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2021-11-09 14:18:17 UTC
SUSE-SU-2021:3635-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    qemu-2.11.2-5.40.2
SUSE OpenStack Cloud 9 (src):    qemu-2.11.2-5.40.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    qemu-2.11.2-5.40.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    qemu-2.11.2-5.40.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Carlos López 2022-09-16 12:33:55 UTC
Done, closing.