{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-28T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-23T09:00:00.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3"}, {"name": "RHSA-2013:0127", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html"}, {"name": "[libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html"}, {"name": "RHSA-2012:0748", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html"}, {"name": "[oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:42:31.709Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3"}, {"name": "RHSA-2013:0127", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html"}, {"name": "[libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html"}, {"name": "RHSA-2012:0748", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html"}, {"name": "[oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2693", "datePublished": "2012-06-17T01:00:00.000Z", "dateReserved": "2012-05-14T00:00:00.000Z", "dateUpdated": "2024-08-06T19:42:31.709Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*", "matchCriteriaId": "01916DA0-D0B0-4355-B72D-76B2E9B05988", "versionEndIncluding": "0.9.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4AFF5EF5-280A-499B-BD63-361EDC49A923", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C2A0DD5B-AFDD-4DA4-B19C-2CA73FA9B477", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE616C79-74E0-4876-83D7-BE04CB954F92", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "87FF4782-A017-4D6F-9588-BE0AD4AA04E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "4B7FDA56-4C79-4D79-9EDA-8A936C7D8DE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF62226E-E4FE-4AF5-86A2-344148158A22", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C540F8A3-E12A-403B-81D2-CDB28DE03E47", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0900588-EBF9-4459-B1D7-588B72E40689", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FE650A9D-D12D-43C5-B276-B3116CF096F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "359F1970-822B-4430-86EB-15091B2B4338", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "D08DB661-40DF-4234-9F6B-2EE0746FAC8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E86D1293-6881-4F9D-B245-E16040921DF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "C49F1101-0845-478F-BEA1-67185A763D37", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "4F1FDF3E-87F8-4CBF-99F8-DBB03C7D2318", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "DA319732-E860-459E-9C20-ED31D90510DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "06B16020-5330-4F99-8DD3-8B4037E22CFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BCA6D83-281F-4B28-9CB2-253614017B5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FEBBD0C7-F9D3-48D4-8D76-1FAFFB049300", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C97CB42C-C89F-4BE6-80AC-A020EBF369FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCC2F2D6-90E3-4306-A29A-0A507BDF889C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB533B81-AFF3-442E-A499-555F2181F64D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "53AD34A3-9097-4375-BB30-CAED13987396", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "80E37E3B-18A8-4D34-9400-2C18D0DBAAAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "36EAE07C-284D-4BEB-ABDF-28C157B3B90B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E28C5275-39D4-4C7C-A064-70161FE35802", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "643D7C4C-6BD9-49CE-A7FD-819300CA955C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "77476F3F-A914-4EC6-9488-189BD9E1AE6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B22C7B3D-169D-45CC-B1C1-9864991B3E05", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "3D6D1F10-2908-42E0-8D8F-1FBBC804505D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "FC9ABBF2-B1AD-446A-A3D2-E103D1B411A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "450BD95B-5CE1-49E7-B6DB-6C14D9115CC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "508578FC-BDC7-4B44-9F98-BD6CD657F57B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD25F37B-C666-4EDB-AD77-CCE04A800348", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8903EA9-D354-4C9E-B308-653689534AFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F811BE37-6F53-4663-819F-E954787C345B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "2886A659-24BD-483B-8FCD-5BC21573EE42", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "65FD148D-0088-47D5-AAC1-E0E990F9D170", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "84613074-CFA0-4C0B-B896-0751F652EA71", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BCCF73F-8542-4955-ACD6-44F199D49CB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "05C7EF0F-C069-424A-9B3F-D07C72450ADA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "5F25DF6A-34D5-4D5B-AFAF-7A21202460EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B67C29ED-2975-47F0-AE75-875A380ECC56", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "EC90B806-1FB3-434E-A664-2842AD3BA9CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "8DCDC5B5-1DD4-4FF4-8AB4-D38F5418B873", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "0054B43A-F844-47C8-B03A-01696117B7E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "A5C78A50-0F41-405C-9ABA-EE088D0ABE60", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8322F4E2-0AD0-497B-871E-233C0E0F1490", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E41CEF32-4998-41D5-B971-12E7F4E39FB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "E43FD74C-5986-4E9E-9C4F-9891133084A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D504B27-7BD0-4CB1-B8CA-76B7C537A4C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "CBFD9B43-52BA-4FF9-84A1-369B1A96A166", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "10EE76EF-44D3-4645-B1E7-5BCFB4CB4204", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "934215BC-33D1-453F-B49B-23B52E580214", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "F274792B-F190-4A23-A551-6B07EA4028B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "F9D67FBC-4009-4FC1-B0CF-AA3C1505C2F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2059834-5A26-4DB9-B400-DBBE15690AAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2F6277D-6732-44BA-91B4-D57877E011BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "2553A171-A830-4540-8CC6-51275F72AAEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "61C2C484-7AAB-475C-A44E-6D9DCF597DD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "04A75CCF-28E1-44CC-962C-C56A4F64B370", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "B0E8A1AF-740A-454C-8019-B52654589603", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "F040825C-C457-40A1-A04C-F362289E13F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "3327FB7D-92DB-479F-BF1C-2565C8F1B25C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "48F55C0A-3E6E-4E24-81D7-F023728E486A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "ACB7C00E-DF4E-40AF-A503-202A2FE03D5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "6AB4E8A8-2B6C-4287-937B-C67A97EAB67A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices."}, {"lang": "es", "value": "libvirt, posiblemente anterior a v0.9.12, no se asignan adecuadamente los dispositivos USB a las m\u00e1quinas virtuales cuando varios dispositivos tienen el mismo proveedor y la misma identificaci\u00f3n de producto, lo que podr\u00eda provocar que el dispositivo equivocado sea asociado con un invitado lo que podr\u00eda podr\u00eda permitir a usuarios locales acceder a los dispositivos USB no deseados."}], "id": "CVE-2012-2693", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-17T03:41:42.203", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0748.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0127.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/06/11/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/06/11/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0127", "cpe": "cpe:/a:redhat:rhel_virtualization:5", "package": "libvirt-0:0.8.2-29.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-01-08T00:00:00Z"}, {"advisory": "RHSA-2012:0748", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libvirt-0:0.9.10-21.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-06-19T00:00:00Z"}, {"advisory": "RHSA-2012:0748", "cpe": "cpe:/a:redhat:storage:3:server:el6", "package": "libvirt-0:0.9.10-21.el6", "product_name": "Red Hat Storage 3 for RHEL 6", "release_date": "2012-06-19T00:00:00Z"}], "bugzilla": {"description": "libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored", "id": "831164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=831164"}, "csaw": false, "cvss": {"cvss_base_score": "3.7", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices."], "name": "CVE-2012-2693", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "libvirt", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2012-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-2693\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-2693"], "threat_severity": "Low"}

{}