Candidate: CVE-2019-8934
PublicDate: 2019-03-21 16:01:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8934
 https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html
Description:
 hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because
 the hypervisor shares the /proc/device-tree/system-id and
 /proc/device-tree/model system attributes with a guest.
Ubuntu-Description: 
Notes: 
 mdeslaur> see debian bug for information on this change that may break
 mdeslaur> existing functionnality. This fix will break ppc migration.
 mdeslaur>
 mdeslaur> we will not be fixing this issue in stable releases, marking as
 mdeslaur> ignored
Bugs: 
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922923
 https://bugzilla.redhat.com/show_bug.cgi?id=1668022
Priority: low
Discovered-by: Daniel P. Berrangé
Assigned-to: 
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [3.3 LOW]
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [3.3 LOW]

Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise/esm_qemu-kvm: ignored
trusty_qemu-kvm: DNE
trusty/esm_qemu-kvm: DNE
xenial_qemu-kvm: DNE
bionic_qemu-kvm: DNE
cosmic_qemu-kvm: DNE
disco_qemu-kvm: DNE
eoan_qemu-kvm: DNE
focal_qemu-kvm: DNE
devel_qemu-kvm: DNE

Patches_qemu:
 upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=27461d69a0f108dea756419251acc3ea65198f1b
upstream_qemu: needs-triage
precise/esm_qemu: DNE
trusty_qemu: ignored (reached end-of-life)
trusty/esm_qemu: ignored
xenial_qemu: ignored
esm-infra/xenial_qemu: ignored
bionic_qemu: ignored
cosmic_qemu: ignored (reached end-of-life)
disco_qemu: ignored (reached end-of-life)
eoan_qemu: not-affected (4.0+dfsg-0ubuntu9)
focal_qemu: not-affected (4.0+dfsg-0ubuntu9)
devel_qemu: not-affected (4.0+dfsg-0ubuntu9)