CVE-2019-20386

low-risk

Published 2020-01-21

An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.

Do I need to act?

0.15% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.4/10 Low

PHYSICAL / LOW complexity

Affected Products (9)

Systemd

Ubuntu Linux

Fedora

Leap

Active Iq Unified Manager

Cloud Backup

Steelstore Cloud Integrated Storage

Affected Vendors

Canonical Fedoraproject Netapp Opensuse Systemd Project

References (10)

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html

Patch https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://security.netapp.com/advisory/ntap-20200210-0002/

Third Party Advisory https://usn.ubuntu.com/4269-1/

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html

Patch https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://security.netapp.com/advisory/ntap-20200210-0002/

Third Party Advisory https://usn.ubuntu.com/4269-1/

/ 100

low-risk

Severity 10/34 · Low

Exploitability 1/34 · Minimal

Exposure 15/34 · Moderate