Bug 1180432 (CVE-2020-35503) - VUL-0: CVE-2020-35503: qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host bus adapter
Summary: VUL-0: CVE-2020-35503: qemu,kvm,xen: NULL pointer dereference issue in megasa...
Status: RESOLVED FIXED
Alias: CVE-2020-35503
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/274104/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-35503:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-29 12:37 UTC by Alexander Bergmann
Modified: 2024-04-15 14:58 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2020-12-29 12:37:41 UTC 
rh#1910346

A NULL pointer dereference issue was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU. It could occur in the megasas_command_cancelled() callback function in hw/scsi/megasas.c while dropping a SCSI request. A privileged guest user may exploit this issue to crash the QEMU process on the host, resulting in a denial of service condition.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1910346
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503
Comment 1 Bruce Rogers 2021-01-04 22:36:01 UTC 
Looks like this issue corresponds to:
https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html
Comment 6 Swamp Workflow Management 2021-08-20 13:38:41 UTC 
# maintenance_jira_update_notice
SUSE-SU-2021:2789-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
SUSE MicroOS 5.0 (src):    qemu-4.2.1-11.28.1
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    qemu-4.2.1-11.28.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    qemu-4.2.1-11.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2021-08-20 13:43:02 UTC 
# maintenance_jira_update_notice
openSUSE-SU-2021:2789-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-4.2.1-11.28.1
Comment 8 Swamp Workflow Management 2021-08-23 13:32:09 UTC 
# maintenance_jira_update_notice
SUSE-SU-2021:2813-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    qemu-3.1.1.1-57.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2021-08-26 19:16:35 UTC 
# maintenance_jira_update_notice
openSUSE-SU-2021:1202-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1187364,1187365,1187366,1187367,1187499,1187529,1187538,1187539,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3582,CVE-2021-3592,CVE-2021-3593,CVE-2021-3594,CVE-2021-3595,CVE-2021-3607,CVE-2021-3608,CVE-2021-3611,CVE-2021-3682
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    qemu-4.2.1-lp152.9.20.1, qemu-linux-user-4.2.1-lp152.9.20.1, qemu-testsuite-4.2.1-lp152.9.20.1
Comment 10 Swamp Workflow Management 2021-08-27 13:22:44 UTC 
# maintenance_jira_update_notice
SUSE-SU-2021:2858-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1188299,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    qemu-5.2.0-103.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    qemu-5.2.0-103.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2021-08-27 13:24:41 UTC 
# maintenance_jira_update_notice
openSUSE-SU-2021:2858-1: An update that solves 7 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1188299,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-5.2.0-103.2
Comment 16 Swamp Workflow Management 2021-10-28 19:17:25 UTC 
SUSE-SU-2021:3575-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    qemu-2.6.2-41.73.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2021-11-04 17:23:28 UTC 
openSUSE-SU-2021:3614-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    qemu-3.1.1.1-80.40.1
Comment 18 Swamp Workflow Management 2021-11-04 17:25:49 UTC 
SUSE-SU-2021:3614-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    qemu-3.1.1.1-80.40.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    qemu-3.1.1.1-80.40.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    qemu-3.1.1.1-80.40.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    qemu-3.1.1.1-80.40.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    qemu-3.1.1.1-80.40.1
SUSE Enterprise Storage 6 (src):    qemu-3.1.1.1-80.40.1
SUSE CaaS Platform 4.0 (src):    qemu-3.1.1.1-80.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2021-11-04 17:31:10 UTC 
SUSE-SU-2021:3613-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    qemu-2.11.2-70.59.1
SUSE Linux Enterprise Server 15-LTSS (src):    qemu-2.11.2-70.59.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    qemu-2.11.2-70.59.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    qemu-2.11.2-70.59.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Swamp Workflow Management 2021-11-09 14:18:02 UTC 
SUSE-SU-2021:3635-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1180432,1180433,1180434,1180435,1182651,1186012,1189145,1189702,1189938
CVE References: CVE-2020-35503,CVE-2020-35504,CVE-2020-35505,CVE-2020-35506,CVE-2021-20255,CVE-2021-3527,CVE-2021-3682,CVE-2021-3713,CVE-2021-3748
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    qemu-2.11.2-5.40.2
SUSE OpenStack Cloud 9 (src):    qemu-2.11.2-5.40.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    qemu-2.11.2-5.40.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    qemu-2.11.2-5.40.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Dario Faggioli 2023-10-06 09:41:13 UTC 
I think this is done... Or am I missing any branch?
Comment 26 Marcus Meissner 2024-04-15 14:58:21 UTC 
done