CVE-2020-8991

Published: Feb 14, 2020Modified: Nov 21, 2024

2.3

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Exploitability: 0.8 / Impact: 1.4

Source: NVD

Description

vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug

Affected (1)

Products: Redhat: Lvm2

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Lvm2	Version 2.02.00

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

https://sourceware.org/git/?p=lvm2.git%3Ba=commit%3Bh=bcf9556b8fcd16ad8997f80cc92785f295c66701

Source: cve@mitre.org

https://sourceware.org/git/?p=lvm2.git%3Ba=commit%3Bh=bcf9556b8fcd16ad8997f80cc92785f295c66701

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.