USBView is a tool to display the topology of devices on the USB bus.
A vulnerability has been discovered in usbview. Please review the CVE identifier referenced below for details.
USBView allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option.
There is no known workaround at this time.
All USBView users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/usbview-2.2"