CVE-2012-2693 — Redhat Libvirt vulnerability

CWE-2648 documents7 sources

Severity

3.7LOWNVD

EPSS

0.1%

top 81.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Libvirt

Timeline

PublishedJun 17

Latest updateMay 17

Description

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.9 | Impact: 6.4

Affected Packages2 packages

▶Debianredhat/libvirt< 0.9.12-1+3

▶NVDredhat/libvirt0.9.11+66

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-p575-v2mx-34m6: libvirt, possibly before 0↗2022-05-17

▶

CVEList

CVE-2012-2693: libvirt, possibly before 0↗2012-06-17

▶

OSV

CVE-2012-2693: libvirt, possibly before 0↗2012-06-17

▶

📋Vendor Advisories

Red Hat

libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored↗2012-04-28

▶

Debian

CVE-2012-2693: libvirt - libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual...↗2012

▶

💬Community

Bugzilla

CVE-2012-2693 libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored↗2012-06-12

▶

Bugzilla

CVE-2012-2693 libvirt ignores address bus= device= when identicle vendor ID/product IDs usb devices attached with either virsh or virt-manager [fedora-all]↗2012-04-26

▶