Vulnerabilities > CVE-2020-8991 - Memory Leak vulnerability in Redhat Lvm2 2.02.00

CVSS 2.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

local

low complexity

redhat

CWE-401

nessus

NVD

Published: 2020-02-14

Updated: 2024-08-04

Summary

vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Lvm2 2.02.00	1

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Nessus

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2020-1311.NASL
description	According to the version of the lvm2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs.(CVE-2020-8991) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2020-03-23
plugin id	134802
published	2020-03-23
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134802
title	EulerOS 2.0 SP5 : lvm2 (EulerOS-SA-2020-1311)

References

https://sourceware.org/git/?p=lvm2.git%3Ba=commit%3Bh=bcf9556b8fcd16ad8997f80cc92785f295c66701