DEBIAN-CVE-2012-2693

DEBIAN-CVE-2012-2693 PUBLISHED

libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.

Affected Products

Vendor	Product	Versions
Debian:14	libvirt	0, 0, 0
Debian:11	libvirt	0, 0, 0
Debian:13	libvirt	0, 0, 0
Debian:12	libvirt	0, 0, 0

Timeline

Jun 17, 2012 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2012-2693 advisory

Open in Interactive Console →