Note:
This project will be discontinued after December 13, 2021. [more]
2019-03-21
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
Products | Leap, Qemu |
Type | Exposure of Resource to Wrong Sphere (CWE-668) |
First patch | - None (likely due to unavailable code) |
Links |
• http://www.securityfocus.com/bid/107115
• https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html • http://www.openwall.com/lists/oss-security/2019/02/21/1 • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html |