oss-sec mailing list archives

CVE-2021-4155 kernel: xfs: raw block device data leak in ioctl(XFS_IOC_ALLOCSP)


From: Rohit Keshri <rkeshri () redhat com>
Date: Mon, 10 Jan 2022 17:49:47 +0530

Hello,

A data leak flaw was found in the way the XFS_IOC_ALLOCSP IOCTL in the XFS
filesystem allowed for a size increase of files with unaligned size. A
local attacker could use this flaw to leak data on the XFS filesystem
otherwise not accessible to them.

#Description

(Kirill reported)
"the scenario is:

1) truncate() file by unaligned @size;
2) ioctl(XFS_IOC_ALLOCSP) to increase the file size up to 4096.

then xfs_ioc_space()->xfs_vn_setattr_size() never zeros
[round_down(@size, 4096), @size]
and this raw block device data leaks away to user."

#Fix
The patch for this issue:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79

#CVE
Red Hat has assigned CVE-2021-4155 to this issue.
https://access.redhat.com/security/cve/CVE-2021-4155
https://bugzilla.redhat.com/show_bug.cgi?id=2034813

#Credit
Kirill Tkhai (Virtuozzo Kernel team)

Thanks,
..
Rohit Keshri / Red Hat Product Security Team
PGP: OX01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D

secalert () redhat com for urgent response
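
Added example (not part of the original post and not kernel code): a userspace toy model of the two-step scenario reported above, showing which bytes stay unzeroed and become readable. The struct, function names, the 0xA5 stale marker and the `zero_from_block_start` switch are assumptions of this model; the switch only illustrates closing the gap in the model, the upstream change is the commit linked under #Fix.

```c
#include <stddef.h>
#include <string.h>

#define BLK 4096u
#define STALE 0xA5 /* constructed marker for leftover block-device data */

/* Toy model (assumption): one file backed by at most one block. */
struct toy_file {
    unsigned char blk[BLK]; /* backing block, meaningful only if mapped */
    size_t size;            /* file size as seen by read() */
    int mapped;             /* 0 = hole, 1 = block allocated */
};

/* Step 1: truncate() to an unaligned size; no block is allocated. */
static void toy_truncate(struct toy_file *f, size_t size) {
    f->size = size;
    f->mapped = 0;
}

/* Step 2: extend the file to new_size (<= BLK in this model).
 * zero_from_block_start = 0 models the reported behaviour: only
 * [old size, new_size) is zeroed. 1 also zeroes the range the report
 * names, [round_down(old size, BLK), old size). */
static void toy_allocsp(struct toy_file *f, size_t new_size,
                        int zero_from_block_start) {
    size_t old = f->size;
    size_t from = zero_from_block_start ? old - (old % BLK) : old;
    if (!f->mapped) {
        memset(f->blk, STALE, BLK); /* raw, never-written block contents */
        f->mapped = 1;
    }
    memset(f->blk + from, 0, new_size - from);
    f->size = new_size;
}

/* Count stale bytes that a read() of the whole file would return. */
static size_t stale_bytes_visible(const struct toy_file *f) {
    size_t n = 0;
    for (size_t i = 0; i < f->size; i++)
        n += (f->blk[i] == STALE);
    return n;
}

/* Run both steps and report how many stale bytes end up readable. */
size_t run_scenario(size_t unaligned_size, int zero_from_block_start) {
    struct toy_file f;
    toy_truncate(&f, unaligned_size);
    toy_allocsp(&f, BLK, zero_from_block_start);
    return stale_bytes_visible(&f);
}
```

In this model the number of exposed bytes equals the unaligned size chosen in step 1, which is why an aligned size (0 here) exposes nothing.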
