CVE-2019-8934
Published: 21 March 2019
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
Priority
CVSS 3 base score: 3.3
Status
Package | Release | Status |
---|---|---|
qemu (Launchpad, Ubuntu, Debian) | bionic | Ignored |
qemu | cosmic | Ignored (reached end-of-life) |
qemu | disco | Ignored (reached end-of-life) |
qemu | eoan | Not vulnerable (4.0+dfsg-0ubuntu9) |
qemu | focal | Not vulnerable (4.0+dfsg-0ubuntu9) |
qemu | precise | Does not exist |
qemu | trusty | Ignored |
qemu | upstream | Needs triage |
qemu | xenial | Ignored |
qemu-kvm (Launchpad, Ubuntu, Debian) | bionic | Does not exist |
qemu-kvm | cosmic | Does not exist |
qemu-kvm | disco | Does not exist |
qemu-kvm | eoan | Does not exist |
qemu-kvm | focal | Does not exist |
qemu-kvm | precise | Ignored |
qemu-kvm | trusty | Does not exist |
qemu-kvm | upstream | Needs triage |
qemu-kvm | xenial | Does not exist |
Notes
Author | Note |
---|---|
mdeslaur | See Debian bug for information on this change that may break existing functionality. This fix will break ppc migration. We will not be fixing this issue in stable releases, marking as ignored. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8934
- https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html
- NVD
- Launchpad
- Debian