Ubuntu.comUB:CVE-2012-2693CVE-2012-2693
3.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
libvirt, possibly before 0.9.12, does not properly assign USB devices to
virtual machines when multiple devices have the same vendor and product ID,
which might cause the wrong device to be associated with a guest and might
allow local users to access unintended USB devices.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677496>
- <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2693>
- <https://bugzilla.redhat.com/show_bug.cgi?id=815755>
Notes
| Author | Note |
|---|---|
| jdstrand | need 3rd patch to fix a regression |
| mdeslaur | need 4th patch to fix another regression possibly 5th patch for another regression we aren’t going to backport this, as it is intrusive. marking as ignored. |
References
www.openwall.com/lists/oss-security/2012/06/11/2
www.openwall.com/lists/oss-security/2012/06/11/3
launchpad.net/bugs/cve/CVE-2012-2693
nvd.nist.gov/vuln/detail/CVE-2012-2693
security-tracker.debian.org/tracker/CVE-2012-2693
www.cve.org/CVERecord?id=CVE-2012-2693
www.redhat.com/archives/libvir-list/2012-April/msg01494.html
Related
3.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%