Vulnerabilities > CVE-2020-8991 - Memory Leak vulnerability in Redhat Lvm2 2.02.00

047910
CVSS 2.3 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
LOW
local
low complexity
redhat
CWE-401
nessus

Summary

vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug

Vulnerable Configurations

Part Description Count
Application
Redhat
1

Nessus

NASL familyHuawei Local Security Checks
NASL idEULEROS_SA-2020-1311.NASL
descriptionAccording to the version of the lvm2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs.(CVE-2020-8991) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen2020-05-06
modified2020-03-23
plugin id134802
published2020-03-23
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/134802
titleEulerOS 2.0 SP5 : lvm2 (EulerOS-SA-2020-1311)