Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2693

Overview

Vulnerability Score 3.7 3.7
CVE Id CVE-2012-2693
Last Modified 14 Jan 2013 11:30:36
Published 16 Jun 2012 11:41:42
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2012-2693

Summary

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.

Vulnerable Systems

Application

  • Redhat Libvirt 0.0.1

  • Redhat Libvirt 0.0.2

  • Redhat Libvirt 0.0.3

  • Redhat Libvirt 0.0.4

  • Redhat Libvirt 0.0.5

  • Redhat Libvirt 0.0.6

  • Redhat Libvirt 0.1.0

  • Redhat Libvirt 0.1.1

  • Redhat Libvirt 0.1.3

  • Redhat Libvirt 0.1.4

  • Redhat Libvirt 0.1.5

  • Redhat Libvirt 0.1.6

  • Redhat Libvirt 0.1.7

  • Redhat Libvirt 0.1.8

  • Redhat Libvirt 0.1.9

  • Redhat Libvirt 0.2.0

  • Redhat Libvirt 0.2.1

  • Redhat Libvirt 0.2.2

  • Redhat Libvirt 0.2.3

  • Redhat Libvirt 0.3.0

  • Redhat Libvirt 0.3.1

  • Redhat Libvirt 0.3.2

  • Redhat Libvirt 0.3.3

  • Redhat Libvirt 0.4.0

  • Redhat Libvirt 0.4.1

  • Redhat Libvirt 0.4.2

  • Redhat Libvirt 0.4.3

  • Redhat Libvirt 0.4.4

  • Redhat Libvirt 0.4.5

  • Redhat Libvirt 0.4.6

  • Redhat Libvirt 0.5.0

  • Redhat Libvirt 0.5.1

  • Redhat Libvirt 0.6.0

  • Redhat Libvirt 0.6.1

  • Redhat Libvirt 0.6.2

  • Redhat Libvirt 0.6.3

  • Redhat Libvirt 0.6.4

  • Redhat Libvirt 0.6.5

  • Redhat Libvirt 0.7.0

  • Redhat Libvirt 0.7.1

  • Redhat Libvirt 0.7.2

  • Redhat Libvirt 0.7.3

  • Redhat Libvirt 0.7.4

  • Redhat Libvirt 0.7.5

  • Redhat Libvirt 0.7.6

  • Redhat Libvirt 0.7.7

  • Redhat Libvirt 0.8.0

  • Redhat Libvirt 0.8.1

  • Redhat Libvirt 0.8.2

  • Redhat Libvirt 0.8.3

  • Redhat Libvirt 0.8.4

  • Redhat Libvirt 0.8.5

  • Redhat Libvirt 0.8.6

  • Redhat Libvirt 0.8.7

  • Redhat Libvirt 0.8.8

  • Redhat Libvirt 0.9.0

  • Redhat Libvirt 0.9.1

  • Redhat Libvirt 0.9.10

  • Redhat Libvirt 0.9.11

  • Redhat Libvirt 0.9.2

  • Redhat Libvirt 0.9.3

  • Redhat Libvirt 0.9.4

  • Redhat Libvirt 0.9.5

  • Redhat Libvirt 0.9.6

  • Redhat Libvirt 0.9.7

  • Redhat Libvirt 0.9.8

  • Redhat Libvirt 0.9.9


References

MLIST - [libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support

MLIST - [oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored

MLIST - [oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored

REDHAT - RHSA-2012:0748

REDHAT - RHSA-2013:0127


Last Updated: 27 May 2016 10:56:32