CVE-2020-8991

Published: 14 February 2020

** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug.

Priority

Low

CVSS 3 base score: 2.3

Status

Package Release Status
lvm2
Launchpad, Ubuntu, Debian
Upstream
Released (2.03.01-2)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

Patches:
Upstream: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701

Notes

AuthorNote
mdeslaur
This CVE is disputed, not a security issue, marking as
not-affected.

References