Date: Mon, 10 Jan 2022 17:49:47 +0530 From: Rohit Keshri <rkeshri@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2021-4155 kernel: xfs: raw block device data leak in ioctl(XFS_IOC_ALLOCSP) Hello, A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for a size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. #Description (Kirill reported) "the scenario is: 1)truncate() file by unaligned @size; 2)ioctl(XFS_IOC_ALLOCSP) to increase the file size up to 4096. then xfs_ioc_space()->xfs_vn_setattr_size() never zeros [round_down(@size, 4096), @size] and this raw block device data leaks away to user." #Fix The patch for this issue: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79 #CVE Red Hat has assigned CVE-2021-4155 to this issue. https://access.redhat.com/security/cve/CVE-2021-4155 https://bugzilla.redhat.com/show_bug.cgi?id=2034813 #Credit Kirill Tkhai (Virtuozzo Kernel team) Thanks, .. Rohit Keshri / Red Hat Product Security Team PGP: OX01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D secalert@...hat.com for urgent response
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.