2 results (0.011 seconds)

CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0

vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug ** EN DISPUTA ** vg_lookup en daemons / lvmetad / lvmetad-core.c en LVM2 2.02 administra mal la memoria, lo que lleva a una pérdida de memoria lvmetad, como lo demuestra la ejecución de pvs. NOTA: RedHat niega que CVE-2020-8991 no sea una vulnerabilidad, ya que no existe una ruta aparente para escalar privilegios o para denegar el servicio a través del error. • https://sourceware.org/git/?p=lvm2.git%3Ba=commit%3Bh=bcf9556b8fcd16ad8997f80cc92785f295c66701 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 4.8EPSS: 0%CPEs: 28EXPL: 1

The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands. El cluster logical volume manager daemon (clvmd) en lvm2-cluster en LVM2 anterior v2.02.72, como el usado en Red Hat Global File System (GFS) y otros productos, no verifica las credenciales de cliente sobre una conexión socket, permitiendo a usuarios locales causar una denegación de servicio (cuelgue del demonio o cambio de volumen lógico) o probablemente tener otros impactos a través de comandos de control manipulados. • http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://secunia.com/advisories/40759 http://securitytracker.com/id?1024258 http://www.osvdb.org/66753 http://www.ubuntu.com/usn/USN-1001-1 http://www.vupen.com/english/advisories/2010/1944 https://bugzilla.redhat.com/show_bug.cgi?id=614248 https://exchange.xforce.ibmcloud.com/vulnerabilities/60809 https://rhn.redhat.com/errata/RHSA-2010-0567.html https://rhn.redhat.com/errata/RHSA-2010-0568.html htt • CWE-287: Improper Authentication •