Published: 21/03/2019 Updated: 05/04/2022

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

hw/ppc/spapr.c in QEMU up to and including 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu
opensuse leap 15.0
opensuse leap 42.3

Debian Bug report logs - #922923 qemu: CVE-2019-8934: ppc64: sPAPR emulator leaks the host hardware identity Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 21 Feb 2019 21:27:02 UTC Severity: norm ...

oss-sec mailing list archives   By Date By Thread </form>    CVE-2019-8934 QEMU: ppc64: sPAPR emulator leaks the host hardware identity  <!--X-Head-of-Message-- ...

CWE-668 https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html http://www.securityfocus.com/bid/107115 http://www.openwall.com/lists/oss-security/2019/02/21/1 https://security.netapp.com/advisory/ntap-20190411-0006/http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922923 https://nvd.nist.gov

CVE-2019-8934

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect