Alpine: multiple qemu packages: security update to 6.0.0-r2

medium Tenable Cloud Security Plugin ID 406791

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0.
This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of
service. The highest threat from this vulnerability is to system availability. (CVE-2020-35504)

- A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in
versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw
allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.
The highest threat from this vulnerability is to system availability. (CVE-2020-35505)

- A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in
versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows
a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or
potential code execution with the privileges of the QEMU process. (CVE-2020-35506)

- A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a
single, large transfer request, to reduce the overhead and improve performance. The combined size of the
bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper
validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the
array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a
denial of service. (CVE-2021-3527)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-35504

https://security.alpinelinux.org/vuln/CVE-2020-35505

https://security.alpinelinux.org/vuln/CVE-2020-35506

https://security.alpinelinux.org/vuln/CVE-2021-3527

Plugin Details

Severity: Medium

ID: 406791

Version: Revision 1.27

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-35506

CVSS v3

Risk Factor: Medium

Base Score: 6.7

Temporal Score: 5.8

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/26/2021

Reference Information

CVE: CVE-2020-35504, CVE-2020-35505, CVE-2020-35506, CVE-2021-3527