PT-2012-4186 · Libvirt+2 · Libvirt+2

Petr Matousek

Published

2012-06-17

Updated

2013-01-15

CVE-2012-2693

CVSS v2.0

3.7

Low

Vector

AV:L/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libvirt versions prior to 0.9.12

Description The issue arises from the improper assignment of USB devices to virtual machines when multiple devices share the same vendor and product ID. This could lead to the wrong device being associated with a guest, potentially allowing local users to access unintended USB devices.

Recommendations For versions prior to 0.9.12, update to version 0.9.12 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CESA-2012_0748

CVE-2012-2693

RHSA-2012:0748

RHSA-2012_0748

RHSA-2013:0127

RHSA-2013_0127

Affected Products

Centos

Red Hat

Libvirt

PT-2012-4186 · Libvirt+2 · Libvirt+2

CVE-2012-2693

Weakness Enumeration

Related Identifiers

Affected Products

References · 19