oss-sec mailing list archives
CVE-2021-4155 kernel: xfs: raw block device data leak in ioctl(XFS_IOC_ALLOCSP)
From: Rohit Keshri <rkeshri () redhat com>
Date: Mon, 10 Jan 2022 17:49:47 +0530
Hello,

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for a size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

#Description
(Kirill reported)
"the scenario is:
1) truncate() file by unaligned @size;
2) ioctl(XFS_IOC_ALLOCSP) to increase the file size up to 4096.
then xfs_ioc_space()->xfs_vn_setattr_size() never zeros [round_down(@size, 4096), @size] and this raw block device data leaks away to user."

#Fix
The patch for this issue:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79

#CVE
Red Hat has assigned CVE-2021-4155 to this issue.
https://access.redhat.com/security/cve/CVE-2021-4155
https://bugzilla.redhat.com/show_bug.cgi?id=2034813

#Credit
Kirill Tkhai (Virtuozzo Kernel team)

Thanks,
..
Rohit Keshri / Red Hat Product Security Team
PGP: OX01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D
secalert () redhat com for urgent response