CVE-2012-2693

NameCVE-2012-2693
Descriptionlibvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs677496

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libvirt (PTS)stretch3.0.0-4+deb9u4fixed
stretch (security)3.0.0-4+deb9u5fixed
buster5.0.0-4+deb10u1fixed
bullseye7.0.0-3fixed
bookworm, sid8.4.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libvirtsourcesqueeze(unfixed)end-of-life
libvirtsource(unstable)0.9.12-1677496

Notes

[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)

Search for package or bug name: Reporting problems