PT-2021-6091 · Linux+10 · Linux Kernel+10
Kirill Tkhai · Published 2021-12-22 · Updated 2023-08-14
CVE-2021-4155
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.16
Linux kernel versions 5.15 through 5.15.13
Linux kernel versions 5.10 through 5.10.90
Linux kernel versions 5.4 through 5.4.170
Linux kernel versions 4.19 through 4.19.224
Description
A data leak flaw was found in the XFS filesystem, specifically in the way the XFS_IOC_ALLOCSP ioctl allowed the size of files with an unaligned size to be increased. A local attacker could exploit this flaw to leak data on the XFS filesystem that would otherwise be inaccessible to them. The issue is related to an incorrect buffer size calculation in the ioctl(XFS_IOC_ALLOCSP) and ioctl(XFS_IOC_FREESP) system calls. A local unprivileged user could use this flaw to read raw data from unused blocks directly on the block device.
Recommendations
For Linux kernel versions prior to 5.16, update to version 5.16 or later to resolve the issue.
For Linux kernel versions 5.15 through 5.15.13, update to version 5.15.14 or later to resolve the issue.
For Linux kernel versions 5.10 through 5.10.90, update to version 5.10.91 or later to resolve the issue.
For Linux kernel versions 5.4 through 5.4.170, update to version 5.4.171 or later to resolve the issue.
For Linux kernel versions 4.19 through 4.19.224, update to version 4.19.225 or later to resolve the issue.
As a temporary workaround, consider restricting access to the XFS filesystem to minimize the risk of exploitation.
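An added triage example (not part of the original advisory or any vendor tool): it compares a `uname -r` style string against the fixed releases listed above and scans /proc/mounts formatted text for XFS mounts, since the flaw only matters where XFS is in use. It assumes upstream version numbering; distribution kernels often backport fixes without changing the base version, so confirm those against the vendor advisory. The function names and the sample mount table are constructed for illustration.

```python
import re

# Fixed stable releases per branch, taken from the Recommendations above.
FIXED = {(4, 19): 225, (5, 4): 171, (5, 10): 91, (5, 15): 14}
FIRST_FIXED_MAINLINE = (5, 16)


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def kernel_status(release):
    """Classify an upstream kernel version against the page's ranges."""
    major, minor, patch = parse_release(release)
    if (major, minor) >= FIRST_FIXED_MAINLINE:
        return "fixed"
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Older than 5.16 and no fixed release listed on this page.
        return "affected-no-listed-fix"
    return "fixed" if patch >= fixed_patch else "affected"


def xfs_mounts(mounts_text):
    """Mount points of XFS filesystems in /proc/mounts formatted text."""
    rows = (line.split() for line in mounts_text.splitlines())
    return [f[1] for f in rows if len(f) >= 3 and f[2] == "xfs"]


def triage(release, mounts_text):
    """Combine both checks: an unfixed kernel with XFS mounted is exposed."""
    status = kernel_status(release)
    mounts = xfs_mounts(mounts_text)
    exposed = status != "fixed" and bool(mounts)
    return {"kernel": status, "xfs_mounts": mounts, "exposed": exposed}


# Constructed sample input, not taken from a real host.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/data xfs rw,noatime,attr2,inode64 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
"""
```

On a live host, pass the output of `uname -r` and the contents of `/proc/mounts` to `triage()`.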
Fix
Information Disclosure
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu