Published: 17/06/2012 Updated: 15/01/2013

CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9

VMScore: 329

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

libvirt, possibly prior to 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat libvirt 0.2.0
redhat libvirt 0.9.1
redhat libvirt 0.9.0
redhat libvirt 0.1.9
redhat libvirt 0.2.2
redhat libvirt 0.1.0
redhat libvirt 0.1.4
redhat libvirt 0.5.1
redhat libvirt 0.6.3
redhat libvirt 0.6.2
redhat libvirt 0.8.4
redhat libvirt 0.4.4
redhat libvirt 0.0.2
redhat libvirt 0.0.1
redhat libvirt 0.7.7
redhat libvirt 0.7.4
redhat libvirt 0.9.6
redhat libvirt 0.9.5
redhat libvirt 0.8.8
redhat libvirt 0.1.8
redhat libvirt 0.2.3
redhat libvirt 0.0.6
redhat libvirt 0.1.5
redhat libvirt 0.8.1
redhat libvirt 0.4.6
redhat libvirt 0.4.0
redhat libvirt 0.6.4
redhat libvirt 0.6.5
redhat libvirt 0.3.0
redhat libvirt 0.2.1
redhat libvirt 0.1.6
redhat libvirt 0.1.3
redhat libvirt 0.8.2
redhat libvirt 0.8.3
redhat libvirt 0.4.5
redhat libvirt 0.3.2
redhat libvirt 0.3.1
redhat libvirt 0.8.7
redhat libvirt 0.4.1
redhat libvirt 0.7.1
redhat libvirt 0.7.6
redhat libvirt 0.9.8
redhat libvirt 0.9.7
redhat libvirt 0.3.3
redhat libvirt 0.8.6
redhat libvirt 0.4.2
redhat libvirt 0.7.2
redhat libvirt 0.7.3
redhat libvirt 0.7.0
redhat libvirt 0.9.10
redhat libvirt 0.9.9
redhat libvirt
redhat libvirt 0.1.7
redhat libvirt 0.1.1
redhat libvirt 0.0.5
redhat libvirt 0.8.0
redhat libvirt 0.5.0
redhat libvirt 0.6.1
redhat libvirt 0.6.0
redhat libvirt 0.8.5
redhat libvirt 0.4.3
redhat libvirt 0.0.4
redhat libvirt 0.0.3
redhat libvirt 0.7.5
redhat libvirt 0.9.2
redhat libvirt 0.9.4
redhat libvirt 0.9.3

Debian Bug report logs - #677496 CVE-2012-2693 Package: libvirt; Maintainer for libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Thu, 14 Jun 2012 10:27:56 UTC Severity: important Tags: security Fixed in version ...

Synopsis Low: libvirt security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic Updated libvirt packages that fix one security issue, multiple bugs, andadd various enhancements are now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this updat ...

Synopsis Low: libvirt security and bug fix update Type/Severity Security Advisory: Low Topic Updated libvirt packages that fix one security issue and several bugs arenow available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having lowsecurity impact A Common V ...

CWE-264 https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html http://www.openwall.com/lists/oss-security/2012/06/11/3 http://www.openwall.com/lists/oss-security/2012/06/11/2 http://rhn.redhat.com/errata/RHSA-2012-0748.html http://rhn.redhat.com/errata/RHSA-2013-0127.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677496 https://nvd.nist.gov

CVE-2012-2693

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect