Bugzilla – Bug 766559
VUL-1: libvirt: address bus=device= when identicle vendor ID/product IDs usb devices attached are ignored
Last modified: 2017-09-20 06:38:58 UTC
Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.
Date: Mon, 11 Jun 2012 18:29:45 +0200
From: Petr Matousek <email@example.com>
Subject: [oss-security] CVE request -- libvirt: address bus= device= when identicle vendor
ID/product IDs usb devices attached are ignored
Description of the problem:
libvirt ignores address bus= device= when identicle vendor
ID/product IDs usb devices attached with either virsh or virt-manager.
As a consequence, wrong USB device can be assigned to the wrong guest.
References and proposed upstream patch:
Petr Matousek / Red Hat Security Response Team
Related RH bugs
I don't have access to 815755, which might have some clues about affected libvirt versions. Ludwig, assuming RH has already determined which version are affected, is it possible they might share this information?
Initial USB passthrough for qemu/kvm was added in libvirt 0.4.5! But this code has changed significantly over the years and it is not obvious which versions might be affected without considerable investigation. I'm happy to do this if needed, but hoping to save some time. Thanks.
I'll start backporting the patches to known affected versions that we are using
libvirt 0.9.11 in 12.2/Factory
libvirt 0.9.6 in 12.1/sles11sp2
Forgot needinfo to Ludwig for my question in #1...
bugbot adjusting priority
There is very little info in rhb#831164, just a pointer to the first version of the upstream patchset. I was hoping to find which versions of libvirt are affected.
There are several other bugs referenced in rhb#831164, but they are all non-public.
This is an autogenerated message for OBS integration:
This bug (766559) was mentioned in
https://build.opensuse.org/request/show/127535 Factory / libvirt
did we release this Jim?
its a bit unclear
I've fixed this bug in Factory and 12.2. The latter was released about a week ago via maintenancereq #138011.
I haven't had time to fix it 12.1/sles11sp2, which has an older libvirt where the upstream patches do not apply cleanly.
Jim, could you confirm whether this bug is fixed on 11-SP3's version of libvirt? Thanks.
Yes, it is fixed in SP3, which has the latest release of libvirt.
Closing as fixed.