CVE-2012-2693

Publication date 17 June 2012

Last updated 24 July 2024

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libvirt	13.10 saucy	Not affected
	13.04 raring	Not affected
	12.10 quantal	Not affected
	12.04 LTS precise	Ignored
	11.10 oneiric	Ignored
	11.04 natty	Ignored
	10.04 LTS lucid	Ignored
	8.04 LTS hardy	Ignored

How can I get the fixes?
What do statuses mean?
Patch details

Notes

jdstrand

need 3rd patch to fix a regression

mdeslaur

need 4th patch to fix another regression possibly 5th patch for another regression we aren't going to backport this, as it is intrusive. marking as ignored.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libvirt	Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=9914477efc9764f691ca50faca6592a2d4fecec8 Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=05abd1507d66aabb6cad12eeafeb4c4d1911c585 Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=ab5fb8f34c93661bb19b62e4ed3592fb53cd6b36 Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=2f5fdc886ec7ed8b871ebd0576271f8ee5be1f71 Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=9c484e3dc5464dfbb538744360b401a0bc59c1c6

Package

Patch details

libvirt

Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=9914477efc9764f691ca50faca6592a2d4fecec8
Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=05abd1507d66aabb6cad12eeafeb4c4d1911c585
Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=ab5fb8f34c93661bb19b62e4ed3592fb53cd6b36
Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=2f5fdc886ec7ed8b871ebd0576271f8ee5be1f71
Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=9c484e3dc5464dfbb538744360b401a0bc59c1c6

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html
http://www.openwall.com/lists/oss-security/2012/06/11/3
http://www.openwall.com/lists/oss-security/2012/06/11/2
https://www.cve.org/CVERecord?id=CVE-2012-2693