CVE-2019-8934

EUVD-2019-18322
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
qemuqemu
𝑥
≤ 3.1.0
opensuseleap
15.0
opensuseleap
42.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bookworm
1:7.2+dfsg-7+deb12u7
fixed
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
buster
ignored
jessie
ignored
sid
1:9.1.1+ds-2
fixed
stretch
ignored
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
bionic
ignored
cosmic
ignored
disco
ignored
eoan
not-affected
focal
not-affected
trusty
ignored
xenial
ignored
qemu-kvm
bionic
dne
cosmic
dne
disco
dne
eoan
dne
focal
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html
http://www.openwall.com/lists/oss-security/2019/02/21/1
http://www.securityfocus.com/bid/107115
https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html
https://security.netapp.com/advisory/ntap-20190411-0006/
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html
http://www.openwall.com/lists/oss-security/2019/02/21/1
http://www.securityfocus.com/bid/107115
https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html
https://security.netapp.com/advisory/ntap-20190411-0006/