Vulnerability Description
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Libvirt | <= 0.9.11 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2012-0748.html
- http://rhn.redhat.com/errata/RHSA-2013-0127.html
- http://www.openwall.com/lists/oss-security/2012/06/11/2
- http://www.openwall.com/lists/oss-security/2012/06/11/3
- https://www.redhat.com/archives/libvir-list/2012-April/msg01494.htmlPatch
- http://rhn.redhat.com/errata/RHSA-2012-0748.html
- http://rhn.redhat.com/errata/RHSA-2013-0127.html
- http://www.openwall.com/lists/oss-security/2012/06/11/2
- http://www.openwall.com/lists/oss-security/2012/06/11/3
- https://www.redhat.com/archives/libvir-list/2012-April/msg01494.htmlPatch
FAQ
What is CVE-2012-2693?
CVE-2012-2693 is a vulnerability with a CVSS score of 3.7 (LOW). libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated...
How severe is CVE-2012-2693?
CVE-2012-2693 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2693?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Libvirt.