CVE-2012-2693
EPSS 0.06%
Description
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.
How to fix CVE-2012-2693
To remediate CVE-2012-2693, upgrade the affected package to a fixed version below.
- Debian/libvirt—upgrade to 0.9.12-1 or later
Is CVE-2012-2693 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.9.12-1