Main Vulnerability Database Vulnerabilities #VU43975

Permissions, Privileges, and Access Controls in libvirt - CVE-2012-2693

Published: June 17, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43975

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-2693

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: libvirt.org

Affected software:
libvirt

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.

How to mitigate CVE-2012-2693

Install update from vendor's website.

Sources

http://rhn.redhat.com/errata/RHSA-2012-0748.html
http://rhn.redhat.com/errata/RHSA-2013-0127.html
http://www.openwall.com/lists/oss-security/2012/06/11/2
http://www.openwall.com/lists/oss-security/2012/06/11/3
https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html

Permissions, Privileges, and Access Controls in libvirt - CVE-2012-2693

Detailed vulnerability description

How to mitigate CVE-2012-2693

Sources

Please verify you're human