CVE-2021-4155

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2021-4155
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-08-24 16:15:00 UTC
Updated2022-08-29 13:39:00 UTC
DescriptionA data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

Risk And Classification

Problem Types: CWE-131

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Linux Linux Kernel All All All All

References

ReferenceSourceLinkTags
CVE-2021-4155 MISC security-tracker.debian.org
kernel/git/torvalds/linux.git - Linux kernel source tree MISC git.kernel.org
2034813 – (CVE-2021-4155) CVE-2021-4155 kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL MISC bugzilla.redhat.com
Red Hat Customer Portal - Access to 24x7 support and knowledge MISC access.redhat.com
oss-security - CVE-2021-4155 kernel: xfs: raw block device data leak in ioctl(XFS_IOC_ALLOCSP) MISC www.openwall.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 159599 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-0188)
  • 159610 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9010)
  • 159611 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2022-9011)
  • 159612 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9012)
  • 159613 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2022-9013)
  • 159614 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9014)
  • 159621 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9088)
  • 159641 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9147)
  • 159642 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2022-9148)
  • 159664 Oracle Enterprise Linux Security Update for kernel security and bug fix update (ELSA-2022-0620)
  • 160089 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-9781)
  • 179012 Debian Security Update for linux (DSA 5050-1)
  • 179117 Debian Security Update for linux (DSA 5096-1)
  • 179118 Debian Security Update for linux (DLA 2940-1)
  • 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
  • 184776 Debian Security Update for linux (CVE-2021-4155)
  • 198659 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5278-1)
  • 198665 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5295-1)
  • 198667 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5294-1)
  • 198673 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5295-2)
  • 198674 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5294-2)
  • 198676 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5297-1)
  • 198678 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5298-1)
  • 198728 Ubuntu Security Notification for Linux kernel (Intel IOTG) Vulnerabilities (USN-5362-1)
  • 199555 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5926-1)
  • 199590 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-5884-1)
  • 240010 Red Hat Update for kernel-rt (RHSA-2022:0176)
  • 240013 Red Hat Update for kernel-rt (RHSA-2022:0187)
  • 240015 Red Hat Update for kernel security (RHSA-2022:0186)
  • 240018 Red Hat Update for kernel (RHSA-2022:0188)
  • 240021 Red Hat Update for kpatch-patch (RHSA-2022:0232)
  • 240024 Red Hat Update for kpatch-patch (RHSA-2022:0231)
  • 240093 Red Hat Update for kpatch-patch (RHSA-2022:0592)
  • 240094 Red Hat Update for kpatch-patch (RHSA-2022:0590)
  • 240096 Red Hat Update for kernel-rt (RHSA-2022:0622)
  • 240100 Red Hat Update for kernel (RHSA-2022:0636)
  • 240101 Red Hat Update for kernel-rt (RHSA-2022:0629)
  • 240115 Red Hat Update for kernel (RHSA-2022:0620)
  • 240419 Red Hat Update for kpatch-patch (RHSA-2022:0533)
  • 240429 Red Hat Update for kernel (RHSA-2022:0344)
  • 240447 Red Hat Update for kpatch-patch (RHSA-2022:0335)
  • 240448 Red Hat Update for kpatch-patch (RHSA-2022:0718)
  • 257155 CentOS Security Update for kernel (CESA-2022:0620)
  • 353130 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-021
  • 353151 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-009
  • 353160 Amazon Linux Security Advisory for kernel : ALAS2-2022-1749
  • 353161 Amazon Linux Security Advisory for kernel : ALAS-2022-1563
  • 353175 Amazon Linux Security Advisory for kernel-livepatch : ALAS2LIVEPATCH-2022-075
  • 353188 Amazon Linux Security Advisory for kernel-livepatch : ALAS2LIVEPATCH-2022-076
  • 353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
  • 353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
  • 353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
  • 354747 Amazon Linux Security Advisory for kernel : ALAS-2023-1688
  • 376925 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)
  • 390254 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2022-0005)
  • 390256 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2022-0007)
  • 6140042 AWS Bottlerocket Security Update for kernel (GHSA-7x2p-qg99-5mpv)
  • 671448 EulerOS Security Update for kernel (EulerOS-SA-2022-1450)
  • 671474 EulerOS Security Update for kernel (EulerOS-SA-2022-1429)
  • 671505 EulerOS Security Update for kernel (EulerOS-SA-2022-1489)
  • 671535 EulerOS Security Update for kernel (EulerOS-SA-2022-1508)
  • 671561 EulerOS Security Update for kernel (EulerOS-SA-2022-1523)
  • 671703 EulerOS Security Update for kernel (EulerOS-SA-2022-1735)
  • 751698 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0362-1)
  • 752589 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3264-1)
  • 752632 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3450-1)
  • 753370 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3609-1)
  • 753374 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3809-1)
  • 753441 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:14905-1)
  • 903711 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10703) (DEPRECATED)
  • 903803 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10677)
  • 904010 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10703-1)
  • 904116 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10677-1)
  • 906111 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10703-2)
  • 906469 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10677-2)
  • 940434 AlmaLinux Security Update for kernel (ALSA-2022:0188)
  • 960076 Rocky Linux Security Update for kernel (RLSA-2022:188)
  • 960100 Rocky Linux Security Update for kernel-rt (RLSA-2022:176)
  • 960786 Rocky Linux Security Update for kernel (RLSA-2022:0188)
  • 960861 Rocky Linux Security Update for kernel-rt (RLSA-2022:0176)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report