CVE-2021-4155

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2021-4155	Mitigation Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2034813	Issue Tracking Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79	Mailing List Patch Vendor Advisory
https://security-tracker.debian.org/tracker/CVE-2021-4155	Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/10/1	Mailing List Patch Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-4155	Mitigation Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2034813	Issue Tracking Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79	Mailing List Patch Vendor Advisory
https://security-tracker.debian.org/tracker/CVE-2021-4155	Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/01/10/1	Mailing List Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-24 16:15

Updated : 2024-11-21 06:37

NVD link : CVE-2021-4155

Mitre link : CVE-2021-4155

CVE.ORG link : CVE-2021-4155

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-131

Incorrect Calculation of Buffer Size

{"id": "CVE-2021-4155", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-08-24T16:15:09.607", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2021-4155", "tags": ["Mitigation", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2021-4155", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.openwall.com/lists/oss-security/2022/01/10/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2021-4155", "tags": ["Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2021-4155", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.openwall.com/lists/oss-security/2022/01/10/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-131"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-131"}]}], "descriptions": [{"lang": "en", "value": "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de filtrado de datos en la forma en que XFS_IOC_ALLOCSP IOCTL en el sistema de archivos XFS permit\u00eda aumentar el tama\u00f1o de los archivos con un tama\u00f1o no alineado. Un atacante local podr\u00eda usar este fallo para filtrar datos en el sistema de archivos XFS que de otro modo no ser\u00edan accesibles."}], "lastModified": "2024-11-21T06:37:00.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D692A2AE-8E9E-46AE-8670-7E1284317A25", "versionEndExcluding": "5.16"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}