Bug 2034813 (CVE-2021-4155) - CVE-2021-4155 kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
Summary: CVE-2021-4155 kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
Status: CLOSED ERRATA
Alias: CVE-2021-4155
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Zorro Lang
Depends On: 2034852 2034853 2034854 2034855 2034856 2034857 2034858 2034859 2034860 2034861 2034862 2034863 2034864 2034865 2034866 2034867 2034868 2034869 2034870 2034871 2034872 2034873 2034874 2034875 2034876 2034877 2034878 2035469 2035470
Blocks: 2034807
Reported: 2021-12-22 08:55 UTC by Dhananjay Arunesh
Modified: 2022-07-06 14:02 UTC

Fixed In Version: Kernel 5.16
Doc Text:
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.
Last Closed: 2022-05-11 13:45:33 UTC
Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:0238 0 None None None 2022-01-24 14:08:48 UTC
Red Hat Product Errata RHBA-2022:0679 0 None None None 2022-02-24 20:40:55 UTC
Red Hat Product Errata RHBA-2022:0690 0 None None None 2022-02-28 14:16:45 UTC
Red Hat Product Errata RHBA-2022:0740 0 None None None 2022-03-03 15:58:18 UTC
Red Hat Product Errata RHBA-2022:1044 0 None None None 2022-03-24 07:23:43 UTC
Red Hat Product Errata RHSA-2022:0176 0 None None None 2022-01-19 09:59:51 UTC
Red Hat Product Errata RHSA-2022:0186 0 None None None 2022-01-19 14:42:39 UTC
Red Hat Product Errata RHSA-2022:0187 0 None None None 2022-01-19 14:18:51 UTC
Red Hat Product Errata RHSA-2022:0188 0 None None None 2022-01-19 15:07:04 UTC
Red Hat Product Errata RHSA-2022:0231 0 None None None 2022-01-24 09:48:39 UTC
Red Hat Product Errata RHSA-2022:0232 0 None None None 2022-01-24 09:43:37 UTC
Red Hat Product Errata RHSA-2022:0335 0 None None None 2022-02-01 11:02:14 UTC
Red Hat Product Errata RHSA-2022:0344 0 None None None 2022-02-01 14:16:39 UTC
Red Hat Product Errata RHSA-2022:0529 0 None None None 2022-02-15 09:23:28 UTC
Red Hat Product Errata RHSA-2022:0530 0 None None None 2022-02-15 09:27:58 UTC
Red Hat Product Errata RHSA-2022:0531 0 None None None 2022-02-15 10:37:21 UTC
Red Hat Product Errata RHSA-2022:0533 0 None None None 2022-02-15 09:47:43 UTC
Red Hat Product Errata RHSA-2022:0540 0 None None None 2022-02-15 10:58:58 UTC
Red Hat Product Errata RHSA-2022:0590 0 None None None 2022-02-22 09:00:59 UTC
Red Hat Product Errata RHSA-2022:0592 0 None None None 2022-02-22 09:12:31 UTC
Red Hat Product Errata RHSA-2022:0620 0 None None None 2022-02-22 16:58:17 UTC
Red Hat Product Errata RHSA-2022:0622 0 None None None 2022-02-22 17:00:57 UTC
Red Hat Product Errata RHSA-2022:0629 0 None None None 2022-02-22 15:15:41 UTC
Red Hat Product Errata RHSA-2022:0636 0 None None None 2022-02-22 15:54:50 UTC
Red Hat Product Errata RHSA-2022:0712 0 None None None 2022-03-01 12:44:53 UTC
Red Hat Product Errata RHSA-2022:0718 0 None None None 2022-03-01 12:47:23 UTC
Red Hat Product Errata RHSA-2022:0958 0 None None None 2022-03-17 16:28:14 UTC
Red Hat Product Errata RHSA-2022:1263 0 None None None 2022-04-07 09:03:14 UTC
Red Hat Product Errata RHSA-2022:1417 0 None None None 2022-04-19 16:11:47 UTC

Description Dhananjay Arunesh 2021-12-22 08:55:11 UTC
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

Comment 20 errata-xmlrpc 2022-01-19 09:59:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0176 https://access.redhat.com/errata/RHSA-2022:0176

Comment 21 errata-xmlrpc 2022-01-19 14:18:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0187 https://access.redhat.com/errata/RHSA-2022:0187

Comment 22 errata-xmlrpc 2022-01-19 14:42:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0186 https://access.redhat.com/errata/RHSA-2022:0186

Comment 23 errata-xmlrpc 2022-01-19 15:07:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0188 https://access.redhat.com/errata/RHSA-2022:0188

Comment 24 errata-xmlrpc 2022-01-24 09:43:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0232 https://access.redhat.com/errata/RHSA-2022:0232

Comment 25 errata-xmlrpc 2022-01-24 09:48:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0231 https://access.redhat.com/errata/RHSA-2022:0231

Comment 26 errata-xmlrpc 2022-02-01 11:02:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0335 https://access.redhat.com/errata/RHSA-2022:0335

Comment 27 errata-xmlrpc 2022-02-01 14:16:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0344 https://access.redhat.com/errata/RHSA-2022:0344

Comment 28 errata-xmlrpc 2022-02-15 09:23:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support

Via RHSA-2022:0529 https://access.redhat.com/errata/RHSA-2022:0529

Comment 29 errata-xmlrpc 2022-02-15 09:27:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support

Via RHSA-2022:0530 https://access.redhat.com/errata/RHSA-2022:0530

Comment 30 errata-xmlrpc 2022-02-15 09:47:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions

Via RHSA-2022:0533 https://access.redhat.com/errata/RHSA-2022:0533

Comment 31 errata-xmlrpc 2022-02-15 10:37:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2022:0531 https://access.redhat.com/errata/RHSA-2022:0531

Comment 32 errata-xmlrpc 2022-02-15 10:58:54 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:0540 https://access.redhat.com/errata/RHSA-2022:0540

Comment 34 errata-xmlrpc 2022-02-22 09:00:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0590 https://access.redhat.com/errata/RHSA-2022:0590

Comment 35 errata-xmlrpc 2022-02-22 09:12:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0592 https://access.redhat.com/errata/RHSA-2022:0592

Comment 36 errata-xmlrpc 2022-02-22 15:15:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0629 https://access.redhat.com/errata/RHSA-2022:0629

Comment 37 errata-xmlrpc 2022-02-22 15:54:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0636 https://access.redhat.com/errata/RHSA-2022:0636

Comment 38 errata-xmlrpc 2022-02-22 16:58:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0620 https://access.redhat.com/errata/RHSA-2022:0620

Comment 39 errata-xmlrpc 2022-02-22 17:00:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0622 https://access.redhat.com/errata/RHSA-2022:0622

Comment 40 errata-xmlrpc 2022-03-01 12:44:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2022:0712 https://access.redhat.com/errata/RHSA-2022:0712

Comment 41 errata-xmlrpc 2022-03-01 12:47:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions

Via RHSA-2022:0718 https://access.redhat.com/errata/RHSA-2022:0718

Comment 42 errata-xmlrpc 2022-03-17 16:28:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0958 https://access.redhat.com/errata/RHSA-2022:0958

Comment 43 errata-xmlrpc 2022-04-07 09:03:09 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263

Comment 44 errata-xmlrpc 2022-04-19 16:11:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:1417 https://access.redhat.com/errata/RHSA-2022:1417

Comment 45 Product Security DevOps Team 2022-05-11 13:45:29 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-4155

