oss-sec mailing list archives

CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored

From: Petr Matousek <pmatouse () redhat com>
Date: Mon, 11 Jun 2012 18:29:45 +0200

Description of the problem:
libvirt ignores address bus= device= when identicle vendor
ID/product IDs usb devices attached with either virsh or virt-manager.

As a consequence, wrong USB device can be assigned to the wrong guest.

References and proposed upstream patch:
https://www.redhat.com/archives/libvir-list/2012-April/msg01494.html

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

Current thread:

CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored Petr Matousek (Jun 11)
- Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored Kurt Seifried (Jun 11)