Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 709686 (CVE-2020-8991) - <sys-fs/lvm2-2.02.187: heap memory leak (CVE-2020-8991)
Summary: <sys-fs/lvm2-2.02.187: heap memory leak (CVE-2020-8991)
Status: RESOLVED FIXED
Alias: CVE-2020-8991
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Deadline: 2020-04-19
Assignee: Gentoo Security
URL: https://nvd.nist.gov/vuln/detail/CVE-...
Whiteboard: A3 [noglsa cve]
Keywords: CC-ARCHES
Depends on:
Blocks:
 
Reported: 2020-02-15 07:43 UTC by filip ambroz
Modified: 2020-04-27 00:51 UTC (History)
4 users (show)

See Also:
Package list:
sys-fs/lvm2-2.02.187-r2 amd64 arm arm64 hppa ppc ppc64 s390 sparc x86
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description filip ambroz 2020-02-15 07:43:19 UTC
from URLs:
vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs:

#!/bin/bash
    while :
    do
        pvs
        sleep 1
    done

use top command to watch RES memory of lvmetad. After a few minutes,
its RES memory will grow for a few KB. Then stop calling pvs, while
its RES will not decrease.

This is because, when lvmetad make reponse for clent request, it
will malloc new chunk for s->vgid_to_metadata, while actually the
new chunk should be added to the reponse dm_config_tree, or it will
make the chunk list of s->vgid_to_metadata keep growing.
Comment 2 Lars Wendler (Polynomial-C) gentoo-dev 2020-03-26 20:27:26 UTC
commit b8b99da05953052a27440192953e417e07965fb6
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Thu Mar 26 21:05:18 2020

    sys-fs/lvm2: Bump to version 2.02.187

    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>


This release contains the fix. Will call stabilization in a couple of days unless some severe regressions pop up.
Comment 3 Thomas Deutschmann gentoo-dev Security 2020-03-26 20:41:49 UTC
I'll do a rev bump later with some fixes for runscript before we stabilize.
Comment 4 Alasdair Kergon 2020-03-26 21:04:34 UTC
Just in case anyone worries about this one, nobody has provided upstream with any evidence of a security problem here so the upstream view remains that the CVE designation was a mistake.

But do still fix the bug to improve stability if you're using the affected features.
Comment 5 Thomas Deutschmann gentoo-dev Security 2020-04-14 18:37:15 UTC
I updated runscript, let's wait a few days.
Comment 6 Agostino Sarubbo gentoo-dev 2020-04-19 19:00:28 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-04-20 07:54:31 UTC
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-04-20 09:29:29 UTC
s390 stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-04-20 13:27:32 UTC
arm stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-04-20 13:29:11 UTC
sparc stable
Comment 11 Agostino Sarubbo gentoo-dev 2020-04-20 18:03:43 UTC
ppc stable
Comment 12 Agostino Sarubbo gentoo-dev 2020-04-20 18:04:34 UTC
ppc64 stable
Comment 13 Rolf Eike Beer 2020-04-21 21:22:16 UTC
hppa stable
Comment 14 Sam James archtester gentoo-dev Security 2020-04-27 00:33:56 UTC
(In reply to Alasdair Kergon from comment #4)
> Just in case anyone worries about this one, nobody has provided upstream
> with any evidence of a security problem here so the upstream view remains
> that the CVE designation was a mistake.
> 
> But do still fix the bug to improve stability if you're using the affected
> features.

I did mean to reply at the time -- thank you for clarifying. I was a bit dubious when I saw it.

I'll tentatively set glsa? because I can't vote yet.
Comment 15 Sam James archtester gentoo-dev Security 2020-04-27 00:35:21 UTC
arm64 stable: https://gitweb.gentoo.org/repo/gentoo.git/commit/sys-fs/lvm2?id=7a37c9c92fd70ccad519e68ae2726ff91f5e186e

@maintainer(s), please cleanup
Comment 16 Larry the Git Cow gentoo-dev 2020-04-27 00:50:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1881836d0d33dcd9636e8ce903e3f4c46ef01f3f

commit 1881836d0d33dcd9636e8ce903e3f4c46ef01f3f
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-04-27 00:46:57 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-04-27 00:49:24 +0000

    sys-fs/lvm2: security cleanup
    
    Bug: https://bugs.gentoo.org/709686
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 sys-fs/lvm2/Manifest                 |   2 -
 sys-fs/lvm2/files/lvm.rc-2.02.184-r3 | 154 -------------------
 sys-fs/lvm2/lvm2-2.02.184-r5.ebuild  | 273 ----------------------------------
 sys-fs/lvm2/lvm2-2.02.186-r2.ebuild  | 279 -----------------------------------
 sys-fs/lvm2/lvm2-2.02.187.ebuild     | 279 -----------------------------------
 5 files changed, 987 deletions(-)
Comment 17 Thomas Deutschmann gentoo-dev Security 2020-04-27 00:51:07 UTC
Closing without GLSA due to dispute.