CVE-2019-8934

Published: Mar 21, 2019Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

Affected (3)

Products: Qemu: Qemu · Opensuse: Leap

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 3.1.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 42.3

Related CWEs

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (12)

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/02/21/1

Source: cve@mitre.org

Mailing ListPatch

http://www.securityfocus.com/bid/107115

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html

Source: cve@mitre.org

ExploitMailing ListPatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20190411-0006/

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html