Fedora Account System
Red Hat Associate
Red Hat Customer
It was found that the KVM PPC64 emulator for the sPAPR machine leaks the host hardware identity to all running guests. The sPAPAR(hw/ppc/spapr.c) emulator populates the device tree for the guest with two fields "host-serial" and "host-model". The values for these fields are taken via hypervisor from the host device tree data exposed in "/proc/device-tree/system-id" and "/proc/device-tree/model" file respectively. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html Reference: ---------- -> https://www.openwall.com/lists/oss-security/2019/02/21/1
Acknowledgments: Name: Daniel P. Berrangé (Red Hat)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1679463]