Bug 831164 - (CVE-2012-2693) CVE-2012-2693 libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored
CVE-2012-2693 libvirt: address bus= device= when identicle vendor ID/product ...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20120428,reported=2...
: Security
Depends On: 815755 816560 816601
Blocks: 784298 816611 831216
  Show dependency treegraph
 
Reported: 2012-06-12 07:24 EDT by Petr Matousek
Modified: 2013-01-08 04:24 EST (History)
16 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-08 04:24:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Petr Matousek 2012-06-12 07:24:54 EDT
libvirt ignores address bus= device= when identicle vendor ID/product IDs usb devices attached with either virsh or virt-manager.

As a consequence, wrong USB device can be assigned to the wrong guest.

References and proposed upstream patch:
https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html
Comment 5 errata-xmlrpc 2012-06-20 02:51:31 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0748 https://rhn.redhat.com/errata/RHSA-2012-0748.html
Comment 7 errata-xmlrpc 2013-01-07 23:56:56 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:0127 https://rhn.redhat.com/errata/RHSA-2013-0127.html

Note You need to log in before you can comment on or make changes to this bug.