CVE-2012-2693 - Vulnerability Details

CVE-2012-2693 - libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Libvirt Rhel Virtualization Storage

Configuration 1 [-]

OR	cpe:2.3:a:redhat:libvirt::::::::
	cpe:2.3:a:redhat:libvirt:0.0.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.0.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.0.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.0.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.0.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.0.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.7:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.8:::::::*
	cpe:2.3:a:redhat:libvirt:0.1.9:::::::*
	cpe:2.3:a:redhat:libvirt:0.2.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.2.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.2.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.2.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.3.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.3.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.3.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.3.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.4.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.5.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.5.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.6.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.6.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.6.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.6.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.6.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.6.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.7.7:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.7:::::::*
	cpe:2.3:a:redhat:libvirt:0.8.8:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.0:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.1:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.2:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.3:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.4:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.5:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.6:::::::*
	cpe:2.3:a:redhat:libvirt:0.9.7:::::::*
cpe:2.3:a:redhat:libvirt:0.9.8:::::::*
cpe:2.3:a:redhat:libvirt:0.9.9:::::::*
cpe:2.3:a:redhat:libvirt:0.9.10:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
libvirt-0:0.8.2-29.el5	cpe:/a:redhat:rhel_virtualization:5	RHSA-2013:0127	2013-01-08T00:00:00Z
Red Hat Enterprise Linux 6
libvirt-0:0.9.10-21.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2012:0748	2012-06-19T00:00:00Z
Red Hat Storage 3 for RHEL 6
libvirt-0:0.9.10-21.el6	cpe:/a:redhat:storage:3:server:el6	RHSA-2012:0748	2012-06-19T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2012-0748.html
http://rhn.redhat.com/errata/RHSA-2013-0127.html
http://www.openwall.com/lists/oss-security/2012/06/11/2
http://www.openwall.com/lists/oss-security/2012/06/11/3
https://nvd.nist.gov/vuln/detail/CVE-2012-2693
https://www.cve.org/CVERecord?id=CVE-2012-2693
https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-17T01:00:00

Updated: 2024-08-06T19:42:31.709Z

Reserved: 2012-05-14T00:00:00

Link: CVE-2012-2693

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-06-17T03:41:42.203

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-2693

Redhat

Severity : Low

Publid Date: 2012-04-28T00:00:00Z

Links: CVE-2012-2693 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-28T00:00:00", "descriptions": [{"lang": "en", "value": "libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-23T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3"}, {"name": "RHSA-2013:0127", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html"}, {"name": "[libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html"}, {"name": "RHSA-2012:0748", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html"}, {"name": "[oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:42:31.709Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3"}, {"name": "RHSA-2013:0127", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html"}, {"name": "[libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html"}, {"name": "RHSA-2012:0748", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html"}, {"name": "[oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2693", "datePublished": "2012-06-17T01:00:00", "dateReserved": "2012-05-14T00:00:00", "dateUpdated": "2024-08-06T19:42:31.709Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*", "matchCriteriaId": "01916DA0-D0B0-4355-B72D-76B2E9B05988", "versionEndIncluding": "0.9.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices."}, {"lang": "es", "value": "libvirt, posiblemente anterior a v0.9.12, no se asignan adecuadamente los dispositivos USB a las m\u00e1quinas virtuales cuando varios dispositivos tienen el mismo proveedor y la misma identificaci\u00f3n de producto, lo que podr\u00eda provocar que el dispositivo equivocado sea asociado con un invitado lo que podr\u00eda podr\u00eda permitir a usuarios locales acceder a los dispositivos USB no deseados."}], "id": "CVE-2012-2693", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-17T03:41:42.203", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0127", "cpe": "cpe:/a:redhat:rhel_virtualization:5", "package": "libvirt-0:0.8.2-29.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-01-08T00:00:00Z"}, {"advisory": "RHSA-2012:0748", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libvirt-0:0.9.10-21.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-06-19T00:00:00Z"}, {"advisory": "RHSA-2012:0748", "cpe": "cpe:/a:redhat:storage:3:server:el6", "package": "libvirt-0:0.9.10-21.el6", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2012-06-19T00:00:00Z"}], "bugzilla": {"description": "libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", "id": "831164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=831164"}, "csaw": false, "cvss": {"cvss_base_score": "3.7", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices."], "name": "CVE-2012-2693", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "libvirt", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2012-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-2693\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-2693"], "threat_severity": "Low"}

Metrics

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object