Bugzilla – Bug 1140124
VUL-0: CVE-2019-12928: xen: QEMU machine protocol migrate command execution
Last modified: 2019-07-08 09:05:28 UTC
+++ This bug was initially created as a clone of Bug #1139714 +++
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows a remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server.
Seems to be in all qemu / kvm, but not in xen.
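Added example, not part of the bug report: since the description depends on an attacker reaching the listening QMP server, this audit helper inspects QEMU command lines and reports each QMP monitor and whether it is bound to a non-loopback TCP address. The sample command lines are constructed, and the helper assumes QEMU's standard `-qmp`, `-chardev socket` and `-mon ...,mode=control` option syntax.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample command lines (not taken from the bug report).
SAMPLES = [
    "qemu-system-x86_64 -m 2048 -qmp tcp:0.0.0.0:4444,server,nowait",
    "qemu-system-x86_64 -qmp unix:/run/qmp.sock,server,nowait",
    "qemu-system-x86_64 -chardev socket,id=mon0,host=127.0.0.1,port=4445,server,nowait"
    " -mon chardev=mon0,mode=control",
]

def _props(value):
    # "a=b,flag" -> {"a": "b", "flag": ""}
    return dict(p.partition("=")[::2] for p in value.split(","))

def _exposed(host):
    # An empty host means QEMU listens on all interfaces.
    return host.strip("[]") not in LOOPBACK

def qmp_listeners(cmdline):
    """Return (endpoint, network_exposed) for each QMP monitor on a QEMU command line."""
    argv = shlex.split(cmdline)
    chardevs, monitors, found = {}, [], []
    for opt, val in zip(argv, argv[1:]):
        if opt in ("-qmp", "-qmp-pretty"):
            spec = val.split(",")[0]              # e.g. tcp:host:port or unix:path
            host = spec[4:].rpartition(":")[0] if spec.startswith("tcp:") else None
            found.append((spec, host is not None and _exposed(host)))
        elif opt == "-chardev":
            kind, _, rest = val.partition(",")
            props = _props(rest)
            chardevs[props.get("id")] = (kind, props)
        elif opt == "-mon" and _props(val).get("mode") == "control":
            # "-mon chardev=NAME,..." and "-mon NAME,..." are both accepted forms.
            monitors.append(_props(val).get("chardev") or val.split(",")[0])
    for cid in monitors:                          # resolve after all -chardev are seen
        kind, props = chardevs.get(cid, ("?", {}))
        if kind == "socket" and "port" in props:
            host = props.get("host", "")
            found.append((f"tcp:{host}:{props['port']}", _exposed(host)))
        else:
            found.append((f"{kind}:{props.get('path', cid)}", False))
    return found

if __name__ == "__main__":
    for line in SAMPLES:
        for endpoint, exposed in qmp_listeners(line):
            print("EXPOSED" if exposed else "local  ", endpoint)
```

A QMP monitor reported as exposed should be moved to a UNIX socket with restrictive file permissions or bound to loopback.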