CVE-2021-4155
Published on: Not Yet Published
Last Modified on: 08/29/2022 01:39:00 PM UTC
Certain versions of Linux Kernel from Linux contain the following vulnerability:
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.
- CVE-2021-4155 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.5 - MEDIUM
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
LOCAL | LOW | LOW | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | NONE | NONE |
CVE References
Description | Tags | Link |
---|---|---|
CVE-2021-4155 | | security-tracker.debian.org text/html |
kernel/git/torvalds/linux.git - Linux kernel source tree | | git.kernel.org text/html |
2034813 – (CVE-2021-4155) CVE-2021-4155 kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL | | bugzilla.redhat.com text/html |
Red Hat Customer Portal - Access to 24x7 support and knowledge | | access.redhat.com text/html |
oss-security - CVE-2021-4155 kernel: xfs: raw block device data leak in ioctl(XFS_IOC_ALLOCSP) | | www.openwall.com text/html |
Related QID Numbers
- 159599 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-0188)
- 159610 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9010)
- 159611 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2022-9011)
- 159612 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9012)
- 159613 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2022-9013)
- 159614 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9014)
- 159621 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9088)
- 159641 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9147)
- 159642 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2022-9148)
- 159664 Oracle Enterprise Linux Security Update for kernel security and bug fix update (ELSA-2022-0620)
- 160089 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-9781)
- 179012 Debian Security Update for linux (DSA 5050-1)
- 179117 Debian Security Update for linux (DSA 5096-1)
- 179118 Debian Security Update for linux (DLA 2940-1)
- 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
- 198659 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5278-1)
- 198665 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5295-1)
- 198667 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5294-1)
- 198673 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5295-2)
- 198674 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5294-2)
- 198676 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5297-1)
- 198678 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5298-1)
- 198728 Ubuntu Security Notification for Linux kernel (Intel IOTG) Vulnerabilities (USN-5362-1)
- 240010 Red Hat Update for kernel-rt (RHSA-2022:0176)
- 240013 Red Hat Update for kernel-rt (RHSA-2022:0187)
- 240015 Red Hat Update for kernel security (RHSA-2022:0186)
- 240018 Red Hat Update for kernel (RHSA-2022:0188)
- 240021 Red Hat Update for kpatch-patch (RHSA-2022:0232)
- 240024 Red Hat Update for kpatch-patch (RHSA-2022:0231)
- 240093 Red Hat Update for kpatch-patch (RHSA-2022:0592)
- 240094 Red Hat Update for kpatch-patch (RHSA-2022:0590)
- 240096 Red Hat Update for kernel-rt (RHSA-2022:0622)
- 240100 Red Hat Update for kernel (RHSA-2022:0636)
- 240101 Red Hat Update for kernel-rt (RHSA-2022:0629)
- 240115 Red Hat Update for kernel (RHSA-2022:0620)
- 240419 Red Hat Update for kpatch-patch (RHSA-2022:0533)
- 240429 Red Hat Update for kernel (RHSA-2022:0344)
- 240447 Red Hat Update for kpatch-patch (RHSA-2022:0335)
- 240448 Red Hat Update for kpatch-patch (RHSA-2022:0718)
- 257155 CentOS Security Update for kernel (CESA-2022:0620)
- 353130 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-021
- 353151 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-009
- 353160 Amazon Linux Security Advisory for kernel : ALAS2-2022-1749
- 353161 Amazon Linux Security Advisory for kernel : ALAS-2022-1563
- 353175 Amazon Linux Security Advisory for kernel-livepatch : ALAS2LIVEPATCH-2022-075
- 353188 Amazon Linux Security Advisory for kernel-livepatch : ALAS2LIVEPATCH-2022-076
- 353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
- 353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
- 353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
- 354747 Amazon Linux Security Advisory for kernel : ALAS-2023-1688
- 376925 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)
- 390254 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2022-0005)
- 390256 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2022-0007)
- 671448 EulerOS Security Update for kernel (EulerOS-SA-2022-1450)
- 671474 EulerOS Security Update for kernel (EulerOS-SA-2022-1429)
- 671505 EulerOS Security Update for kernel (EulerOS-SA-2022-1489)
- 671535 EulerOS Security Update for kernel (EulerOS-SA-2022-1508)
- 671561 EulerOS Security Update for kernel (EulerOS-SA-2022-1523)
- 671703 EulerOS Security Update for kernel (EulerOS-SA-2022-1735)
- 751698 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0362-1)
- 752589 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3264-1)
- 752632 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3450-1)
- 753370 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3609-1)
- 753374 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3809-1)
- 753441 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:14905-1)
- 903711 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10703) (DEPRECATED)
- 903803 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10677)
- 904010 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10703-1)
- 904116 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10677-1)
- 906111 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10703-2)
- 906469 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10677-2)
- 940434 AlmaLinux Security Update for kernel (ALSA-2022:0188)
- 960076 Rocky Linux Security Update for kernel (RLSA-2022:188)
- 960100 Rocky Linux Security Update for kernel-rt (RLSA-2022:176)
- 960786 Rocky Linux Security Update for kernel (RLSA-2022:0188)
- 960861 Rocky Linux Security Update for kernel-rt (RLSA-2022:0176)
Exploit/POC from Github
This repository contains a collection of data files on known Common Vulnerabilities and Exposures (CVEs). Each file i…
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Linux | Linux Kernel | All | All | All | All |
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Title | Posted (UTC) |
---|---|
CVE-2021-4155 kernel: xfs: raw block device data leak in ioctl(XFS_IOC_ALLOCSP): Posted by Rohit Keshri on Jan 10He… twitter.com/i/web/status/1… | 2022-01-10 14:23:33 |
The SIOS Security Blog has been updated. Linux Kernel vulnerability (Important: CVE-2021-4155) #sios_tech #security #vulnerability #セキュリティ #脆弱性… twitter.com/i/web/status/1… | 2022-01-10 22:36:11 |
CVE-2021-4155 kernel: xfs: raw block device data leak in ioctl(XFS_IOC_ALLOCSP) seclists.org/oss-sec/2022/q… | 2022-01-11 06:56:02 |
Information leak issue in the Linux Kernel's XFS filesystem handling (CVE-2021-4155) [41074] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2022-01-20 06:34:17 |
IT Risk: Multiple vulnerabilities in Debian.linux kernel -2/2 CVE-2021-28715 CVE-2021-28714 CVE-2021-28713 CVE-2021-28712 CVE-2021-28711 CVE-2021-4155 | 2022-01-21 03:39:21 |
See also: git.kernel.org/torvalds/c/31d… git.kernel.org/torvalds/c/b3b… git.kernel.org/torvalds/c/4d1… access.redhat.com/security/cve/c… Scre… twitter.com/i/web/status/1… | 2022-01-21 07:41:23 |
IT Risk: Multiple vulnerabilities in Tenable.Nessus CVSS v3:9.8(MAX) -2/2 CVE-2021-4001 CVE-2021-4083 CVE-2021-4135 CVE-2021-4155 CVE-20… twitter.com/i/web/status/1… | 2022-02-09 11:51:33 |
CVE-2021-4155 : A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size… twitter.com/i/web/status/1… | 2022-08-24 16:10:49 |
Git - CVE-2021-4155: git.kernel.org/pub/scm/linux/… | 2022-08-24 19:00:40 |
CVE-2021-4155 | 2022-08-24 17:38:55 |