Your submission was sent successfully! Close

CVE-2019-8934

Published: 21 March 2019

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

Priority

Low

CVSS 3 base score: 3.3

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
bionic Ignored

cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Not vulnerable
(4.0+dfsg-0ubuntu9)
focal Not vulnerable
(4.0+dfsg-0ubuntu9)
precise Does not exist

trusty Ignored

upstream Needs triage

xenial Ignored

qemu-kvm
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

precise Ignored

trusty Does not exist

upstream Needs triage

xenial Does not exist

Notes

AuthorNote
mdeslaur
see debian bug for information on this change that may break
existing functionnality. This fix will break ppc migration.

we will not be fixing this issue in stable releases, marking as
ignored

References

Bugs