{"containers": {"cna": {"affected": [{"product": "kernel", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in Kernel v5.16"}]}], "descriptions": [{"lang": "en", "value": "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-131", "description": "CWE-131 - Incorrect Calculation of Buffer Size", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-24T15:10:19", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2022/01/10/1"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2021-4155"}, {"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2021-4155"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-4155", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "kernel", "version": {"version_data": [{"version_value": "Fixed in Kernel v5.16"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-131 - Incorrect Calculation of Buffer Size"}]}]}, "references": {"reference_data": [{"name": "https://www.openwall.com/lists/oss-security/2022/01/10/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/01/10/1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813"}, {"name": "https://access.redhat.com/security/cve/CVE-2021-4155", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2021-4155"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2021-4155", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2021-4155"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:16:04.255Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2022/01/10/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2021-4155"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2021-4155"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-4155", "datePublished": "2022-08-24T15:10:19", "dateReserved": "2021-12-22T00:00:00", "dateUpdated": "2024-08-03T17:16:04.255Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D692A2AE-8E9E-46AE-8670-7E1284317A25", "versionEndExcluding": "5.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de filtrado de datos en la forma en que XFS_IOC_ALLOCSP IOCTL en el sistema de archivos XFS permit\u00eda aumentar el tama\u00f1o de los archivos con un tama\u00f1o no alineado. Un atacante local podr\u00eda usar este fallo para filtrar datos en el sistema de archivos XFS que de otro modo no ser\u00edan accesibles."}], "id": "CVE-2021-4155", "lastModified": "2022-08-29T13:39:05.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-24T16:15:09.607", "references": [{"source": "secalert@redhat.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-4155"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2021-4155"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/01/10/1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-131"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-131"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Kirill Tkhai (Virtuozzo Kernel team) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:1417", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "kernel-0:2.6.32-754.47.1.el6", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2022-04-19T00:00:00Z"}, {"advisory": "RHSA-2022:0622", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.59.1.rt56.1200.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-02-22T00:00:00Z"}, {"advisory": "RHSA-2022:0592", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-02-22T00:00:00Z"}, {"advisory": "RHSA-2022:0620", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.59.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-02-22T00:00:00Z"}, {"advisory": "RHSA-2022:0529", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.97.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0530", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "kernel-0:3.10.0-693.96.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0531", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "kernel-0:3.10.0-957.88.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0531", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "kernel-0:3.10.0-957.88.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0531", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kernel-0:3.10.0-957.88.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0533", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2022-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:0712", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "kernel-0:3.10.0-1062.63.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2022-03-01T00:00:00Z"}, {"advisory": "RHSA-2022:0712", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "kernel-0:3.10.0-1062.63.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2022-03-01T00:00:00Z"}, {"advisory": "RHSA-2022:0712", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kernel-0:3.10.0-1062.63.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-03-01T00:00:00Z"}, {"advisory": "RHSA-2022:0718", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-03-01T00:00:00Z"}, {"advisory": "RHSA-2022:0176", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-348.12.2.rt7.143.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-01-19T00:00:00Z"}, {"advisory": "RHSA-2022:0188", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-348.12.2.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-01-19T00:00:00Z"}, {"advisory": "RHSA-2022:0232", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-01-24T00:00:00Z"}, {"advisory": "RHSA-2022:0335", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-02-01T00:00:00Z"}, {"advisory": "RHSA-2022:0344", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kernel-0:4.18.0-147.59.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-02-01T00:00:00Z"}, {"advisory": "RHSA-2022:0958", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-03-17T00:00:00Z"}, {"advisory": "RHSA-2022:0629", "cpe": "cpe:/a:redhat:rhel_eus:8.2::nfv", "package": "kernel-rt-0:4.18.0-193.75.1.rt13.125.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-02-22T00:00:00Z"}, {"advisory": "RHSA-2022:0590", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-02-22T00:00:00Z"}, {"advisory": "RHSA-2022:0636", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kernel-0:4.18.0-193.75.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-02-22T00:00:00Z"}, {"advisory": "RHSA-2022:0187", "cpe": "cpe:/a:redhat:rhel_eus:8.4::nfv", "package": "kernel-rt-0:4.18.0-305.34.2.rt7.107.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-01-19T00:00:00Z"}, {"advisory": "RHSA-2022:0186", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "kernel-0:4.18.0-305.34.2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-01-19T00:00:00Z"}, {"advisory": "RHSA-2022:0231", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-01-24T00:00:00Z"}, {"advisory": "RHSA-2022:1263", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3.22-20220330.1.el7_9", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2022-04-07T00:00:00Z"}, {"advisory": "RHSA-2022:0540", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.4.10-202202081536_8.5", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-02-15T00:00:00Z"}], "bugzilla": {"description": "kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL", "id": "2034813", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-131", "details": ["A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.", "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them."], "mitigation": {"lang": "en:us", "value": "This issue can be mitigated by ensuring xfs_alloc_file_space is not called with \"0\" as an argument.\nThis can be done with a SystemTap script (which resets \"0\" with XFS_BMAPI_PREALLOC), below are the steps:\n1) Save the following script in a 'CVE-2021-4155.stp' file\n--- On Red Hat Enterprise Linux 6 ---\nprobe module(\"xfs\").function(\"xfs_alloc_file_space\") {\nif ($alloc_type == 0)\n$alloc_type = 0x40;# XFS_BMAPI_PREALLOC\n}\n--- On Red Hat Enterprise Linux 6 ---\n--- On Red Hat Enterprise Linux 7 onwards ---\nprobe module(\"xfs\").function(\"xfs_alloc_file_space\") {\nif ($alloc_type == 0)\n$alloc_type = 0x8;# XFS_BMAPI_PREALLOC\n}\n--- On Red Hat Enterprise Linux 7 onwards ---\n2) Install systemtap package and its dependencies\n# yum install -y systemtap systemtap-runtime\n# yum install -y kernel-devel kernel-debuginfo\n3) Build the mitigation kernel module as root.\n# stap -r `uname -r` -m cve_2021_4155.ko -g CVE-2021-4155.stp -p4\n4) Load the mitigation module as root\n# staprun -L cve_2021_4155.ko\nWhat is SystemTap and how to use it?\nhttps://access.redhat.com/solutions/5441"}, "name": "CVE-2021-4155", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-01-10T06:36:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-4155\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4155\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79"], "threat_severity": "Important", "upstream_fix": "Kernel 5.16"}