CVE-2012-2693
Published: 17 June 2012
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.
Notes
Author | Note |
---|---|
jdstrand | need 3rd patch to fix a regression |
mdeslaur | need 4th patch to fix another regression possibly 5th patch for another regression we aren't going to backport this, as it is intrusive. marking as ignored. |
Priority
Status
Package | Release | Status |
---|---|---|
libvirt Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
|
|
quantal |
Not vulnerable
(0.9.12-0ubuntu3)
|
|
raring |
Not vulnerable
(0.9.12-0ubuntu3)
|
|
saucy |
Not vulnerable
(0.9.12-0ubuntu3)
|
|
upstream |
Released
(0.9.12-1)
|
|
Patches: upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=9914477efc9764f691ca50faca6592a2d4fecec8 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=05abd1507d66aabb6cad12eeafeb4c4d1911c585 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=ab5fb8f34c93661bb19b62e4ed3592fb53cd6b36 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=2f5fdc886ec7ed8b871ebd0576271f8ee5be1f71 upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=9c484e3dc5464dfbb538744360b401a0bc59c1c6 |