Lucene search

[email protected]CVE-2020-8991

HistoryFeb 14, 2020 - 5:15 a.m.

CVE-2020-8991

2020-02-1405:15:13

CWE-401

[email protected]

web.nvd.nist.gov

lvm2

cve-2020-8991

memory leak

daemons

security vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

2.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

3.9 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug

Affected configurations

NVD

Node

redhatlvm2Match2.02.00

CPENameOperatorVersion
redhat:lvm2redhat lvm2eq2.02.00

CPE	Name	Operator	Version
redhat:lvm2	redhat lvm2	eq	2.02.00

References

sourceware.org/git/?p=lvm2.git%3Ba=commit%3Bh=bcf9556b8fcd16ad8997f80cc92785f295c66701

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

2.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

3.9 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2020-8991

redhatcve1 nessus4 ubuntucve1 debiancve1 openvas1 prion1 vulnrichment1 cvelist1 nvd1