Bugzilla – Bug 1194272
VUL-0: CVE-2021-4155: kernel-source: xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
Last modified: 2023-01-18 17:21:33 UTC
*** Bug 1194051 has been marked as a duplicate of this bug. ***
I'm currently working on the backports, I'll hand it over to security once they are merged with the embargoed branches.
I've pushed the following that cover all our active branches: users/ailiopoulos/SLE15-SP2/bsc1194272 users/ailiopoulos/SLE15-SP4/bsc1194272 users/ailiopoulos/cve/linux-2.6.32/bsc1194272 users/ailiopoulos/cve/linux-3.0/bsc1194272 users/ailiopoulos/cve/linux-4.12/bsc1194272 users/ailiopoulos/cve/linux-4.4/bsc1194272 and notified the respective branch maintainers for a merge request into the respective embargoed repos.
handing back over to security, since all branch maintainers have been notified for the merge.
public commit 983d8e60f50806f90534cc5373d0ce867e5aaf79 Author: Darrick J. Wong <djwong@kernel.org> Date: Wed Dec 22 14:19:18 2021 -0800 xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate The old ALLOCSP/FREESP ioctls in XFS can be used to preallocate space at the end of files, just like fallocate and RESVSP. Make the behavior consistent with the other ioctls. Reported-by: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by: Darrick J. Wong <djwong@kernel.org> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Hello, A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for a size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. #Description (Kirill reported) "the scenario is: 1)truncate() file by unaligned @size; 2)ioctl(XFS_IOC_ALLOCSP) to increase the file size up to 4096. then xfs_ioc_space()->xfs_vn_setattr_size() never zeros [round_down(@size, 4096), @size] and this raw block device data leaks away to user." #Fix The patch for this issue: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79 #CVE Red Hat has assigned CVE-2021-4155 to this issue. https://access.redhat.com/security/cve/CVE-2021-4155 https://bugzilla.redhat.com/show_bug.cgi?id=2034813 #Credit Kirill Tkhai (Virtuozzo Kernel team) Thanks, .. Rohit Keshri / Red Hat Product Security Team PGP: OX01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D
SUSE-SU-2022:0362-1: An update that solves 23 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 1012382,1179960,1183696,1186207,1192032,1192267,1192847,1192877,1192946,1193157,1193440,1193442,1193507,1193575,1193669,1193727,1193861,1193864,1193867,1194001,1194087,1194094,1194272,1194302,1194516,1194529,1194880 CVE References: CVE-2018-25020,CVE-2019-0136,CVE-2020-35519,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4149,CVE-2021-4155,CVE-2021-4197,CVE-2021-4202,CVE-2021-43976,CVE-2021-45095,CVE-2021-45485,CVE-2021-45486,CVE-2022-0330 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 8 (src): kernel-default-4.4.180-94.153.1, kernel-source-4.4.180-94.153.1, kernel-syms-4.4.180-94.153.1, kgraft-patch-SLE12-SP3_Update_42-1-4.3.1 SUSE OpenStack Cloud 8 (src): kernel-default-4.4.180-94.153.1, kernel-source-4.4.180-94.153.1, kernel-syms-4.4.180-94.153.1, kgraft-patch-SLE12-SP3_Update_42-1-4.3.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): kernel-default-4.4.180-94.153.1, kernel-source-4.4.180-94.153.1, kernel-syms-4.4.180-94.153.1, kgraft-patch-SLE12-SP3_Update_42-1-4.3.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): kernel-default-4.4.180-94.153.1, kernel-source-4.4.180-94.153.1, kernel-syms-4.4.180-94.153.1, kgraft-patch-SLE12-SP3_Update_42-1-4.3.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): kernel-default-4.4.180-94.153.1, kernel-source-4.4.180-94.153.1, kernel-syms-4.4.180-94.153.1 SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.180-94.153.1 HPE Helion Openstack 8 (src): kernel-default-4.4.180-94.153.1, kernel-source-4.4.180-94.153.1, kernel-syms-4.4.180-94.153.1, kgraft-patch-SLE12-SP3_Update_42-1-4.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:0477-1: An update that solves 23 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1012382,1179960,1183696,1186207,1192032,1192847,1192877,1192946,1193157,1193440,1193442,1193575,1193669,1193727,1193861,1193864,1193867,1194001,1194087,1194094,1194272,1194302,1194516,1194529,1194880 CVE References: CVE-2018-25020,CVE-2019-0136,CVE-2020-35519,CVE-2021-0935,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28715,CVE-2021-33098,CVE-2021-3564,CVE-2021-39648,CVE-2021-39657,CVE-2021-4002,CVE-2021-4083,CVE-2021-4149,CVE-2021-4155,CVE-2021-4197,CVE-2021-4202,CVE-2021-43976,CVE-2021-45095,CVE-2021-45485,CVE-2021-45486,CVE-2022-0330 JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP2-BCL (src): kernel-default-4.4.121-92.164.1, kernel-source-4.4.121-92.164.1, kernel-syms-4.4.121-92.164.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:14905-1: An update that solves 10 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1171420,1179599,1190025,1191580,1193157,1193669,1193867,1194272,1195109,1195543,1195908,1196079,1196612 CVE References: CVE-2019-0136,CVE-2020-12770,CVE-2020-27820,CVE-2021-3753,CVE-2021-4155,CVE-2021-45095,CVE-2022-0001,CVE-2022-0002,CVE-2022-0492,CVE-2022-0617 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): kernel-bigmem-3.0.101-108.135.1, kernel-default-3.0.101-108.135.1, kernel-ec2-3.0.101-108.135.1, kernel-pae-3.0.101-108.135.1, kernel-ppc64-3.0.101-108.135.1, kernel-source-3.0.101-108.135.1, kernel-syms-3.0.101-108.135.1, kernel-trace-3.0.101-108.135.1, kernel-xen-3.0.101-108.135.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-default-3.0.101-108.135.1, kernel-pae-3.0.101-108.135.1, kernel-ppc64-3.0.101-108.135.1, kernel-trace-3.0.101-108.135.1, kernel-xen-3.0.101-108.135.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-bigmem-3.0.101-108.135.1, kernel-default-3.0.101-108.135.1, kernel-ec2-3.0.101-108.135.1, kernel-pae-3.0.101-108.135.1, kernel-ppc64-3.0.101-108.135.1, kernel-trace-3.0.101-108.135.1, kernel-xen-3.0.101-108.135.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Hi Anthony, it seems that 5.3 based kernels don't have the fix. Can you please submit to cve/linux-5.3 and SLE15-SP3? :)
(In reply to Thomas Leroy from comment #32) > Hi Anthony, it seems that 5.3 based kernels don't have the fix. Can you > please submit to cve/linux-5.3 and SLE15-SP3? :) hmm so I had submitted only to SLE15-SP2 back then (comment #6) as at that point SLE15-SP3 was automerging from it. The cve/linux-5.3 didn't exist yet, it was created that same exact day via commit cbc0f38f646c ("branches.conf: SLE 15 SP2 goes LTSS") in kbuild. I suppose this is why it was missed. Anyhow, now submitted to users/ailiopoulos/cve/linux-5.3/for-next, and it will be automerged to SLE15-SP3.
SUSE-SU-2022:3264-1: An update that solves 15 vulnerabilities, contains one feature and has 61 fixes is now available. Category: security (important) Bug References: 1023051,1065729,1156395,1179722,1179723,1181862,1191662,1191667,1191881,1192594,1192968,1194272,1194535,1197158,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199291,1200431,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201420,1201610,1201705,1201726,1201948,1202096,1202097,1202346,1202347,1202393,1202396,1202447,1202564,1202577,1202636,1202672,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1203063,1203098,1203107,1203116,1203117,1203135,1203136,1203137 CVE References: CVE-2016-3695,CVE-2020-27784,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190 JIRA References: SLE-24635 Sources used: openSUSE Leap Micro 5.2 (src): kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1 openSUSE Leap 15.4 (src): dtb-aarch64-5.3.18-150300.59.93.1 openSUSE Leap 15.3 (src): dtb-aarch64-5.3.18-150300.59.93.1, kernel-64kb-5.3.18-150300.59.93.1, kernel-debug-5.3.18-150300.59.93.1, kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1, kernel-docs-5.3.18-150300.59.93.1, kernel-kvmsmall-5.3.18-150300.59.93.1, kernel-obs-build-5.3.18-150300.59.93.1, kernel-obs-qa-5.3.18-150300.59.93.1, kernel-preempt-5.3.18-150300.59.93.1, kernel-source-5.3.18-150300.59.93.1, kernel-syms-5.3.18-150300.59.93.1, kernel-zfcpdump-5.3.18-150300.59.93.1 SUSE Linux Enterprise Workstation Extension 15-SP3 (src): kernel-default-5.3.18-150300.59.93.1, kernel-preempt-5.3.18-150300.59.93.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-150300.59.93.1, kernel-livepatch-SLE15-SP3_Update_24-1-150300.7.3.1 SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): kernel-default-5.3.18-150300.59.93.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): kernel-docs-5.3.18-150300.59.93.1, kernel-obs-build-5.3.18-150300.59.93.1, kernel-preempt-5.3.18-150300.59.93.1, kernel-source-5.3.18-150300.59.93.1, kernel-syms-5.3.18-150300.59.93.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): kernel-64kb-5.3.18-150300.59.93.1, kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1, kernel-preempt-5.3.18-150300.59.93.1, kernel-source-5.3.18-150300.59.93.1, kernel-zfcpdump-5.3.18-150300.59.93.1 SUSE Linux Enterprise Micro 5.2 (src): kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-default-5.3.18-150300.59.93.1, kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1 SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-150300.59.93.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3450-1: An update that solves 20 vulnerabilities and has 8 fixes is now available. Category: security (important) Bug References: 1023051,1180153,1188944,1191881,1192968,1194272,1194535,1196616,1197158,1199482,1199665,1201726,1201948,1202096,1202097,1202154,1202346,1202347,1202393,1202396,1202564,1202672,1202860,1202895,1202898,1203098,1203107,1203159 CVE References: CVE-2016-3695,CVE-2020-27784,CVE-2020-36516,CVE-2021-4155,CVE-2021-4203,CVE-2022-1012,CVE-2022-20166,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-2905,CVE-2022-29581,CVE-2022-2977,CVE-2022-3028,CVE-2022-32250,CVE-2022-36879,CVE-2022-39188 JIRA References: Sources used: SUSE Manager Server 4.1 (src): kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1 SUSE Manager Retail Branch Server 4.1 (src): kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1 SUSE Manager Proxy 4.1 (src): kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-150200.24.129.1, kernel-livepatch-SLE15-SP2_Update_30-1-150200.5.3.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1 SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-150200.24.129.1 SUSE Enterprise Storage 7 (src): kernel-default-5.3.18-150200.24.129.1, kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1, kernel-docs-5.3.18-150200.24.129.1, kernel-obs-build-5.3.18-150200.24.129.1, kernel-preempt-5.3.18-150200.24.129.1, kernel-source-5.3.18-150200.24.129.1, kernel-syms-5.3.18-150200.24.129.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3609-1: An update that solves 26 vulnerabilities, contains two features and has 89 fixes is now available. Category: security (important) Bug References: 1023051,1065729,1156395,1177471,1179722,1179723,1181862,1185032,1191662,1191667,1191881,1192594,1194023,1194272,1194535,1196444,1196616,1196867,1197158,1197659,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199255,1199291,1200084,1200313,1200431,1200622,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201309,1201310,1201420,1201442,1201489,1201610,1201645,1201705,1201726,1201865,1201948,1201990,1202095,1202096,1202097,1202154,1202341,1202346,1202347,1202385,1202393,1202396,1202447,1202577,1202636,1202672,1202677,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1202960,1202984,1203063,1203098,1203107,1203116,1203117,1203135,1203136,1203137,1203159,1203313,1203389,1203410,1203424,1203552,1203622,1203737,1203769,1203906,1203909,1203933,1203935,1203939,1203987,1203992 CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-27784,CVE-2020-36516,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2503,CVE-2022-2586,CVE-2022-2588,CVE-2022-26373,CVE-2022-2639,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-3239,CVE-2022-3303,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190,CVE-2022-41218,CVE-2022-41222,CVE-2022-41848,CVE-2022-41849 JIRA References: PED-529,SLE-24635 Sources used: openSUSE Leap 15.3 (src): kernel-azure-5.3.18-150300.38.80.1, kernel-source-azure-5.3.18-150300.38.80.1, kernel-syms-azure-5.3.18-150300.38.80.1 SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): kernel-azure-5.3.18-150300.38.80.1, kernel-source-azure-5.3.18-150300.38.80.1, kernel-syms-azure-5.3.18-150300.38.80.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3809-1: An update that solves 32 vulnerabilities, contains two features and has 84 fixes is now available. Category: security (important) Bug References: 1023051,1065729,1152489,1156395,1177471,1179722,1179723,1181862,1185032,1191662,1191667,1191881,1192594,1194023,1194272,1194535,1196444,1197158,1197659,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199291,1200288,1200313,1200431,1200622,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201309,1201310,1201420,1201489,1201610,1201705,1201726,1201865,1201948,1201990,1202095,1202096,1202097,1202341,1202346,1202347,1202385,1202393,1202396,1202447,1202577,1202636,1202638,1202672,1202677,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1202960,1202984,1203063,1203098,1203107,1203117,1203135,1203136,1203137,1203159,1203290,1203389,1203410,1203424,1203514,1203552,1203622,1203737,1203769,1203770,1203802,1203906,1203909,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125 CVE References: CVE-2016-3695,CVE-2020-16119,CVE-2020-27784,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2503,CVE-2022-2586,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-3169,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190,CVE-2022-40768,CVE-2022-41218,CVE-2022-41222,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722 JIRA References: PED-529,SLE-24635 Sources used: openSUSE Leap Micro 5.2 (src): kernel-rt-5.3.18-150300.106.1 SUSE Linux Enterprise Module for Realtime 15-SP3 (src): kernel-rt-5.3.18-150300.106.1, kernel-rt_debug-5.3.18-150300.106.1, kernel-source-rt-5.3.18-150300.106.1, kernel-syms-rt-5.3.18-150300.106.1 SUSE Linux Enterprise Micro 5.2 (src): kernel-rt-5.3.18-150300.106.1 SUSE Linux Enterprise Micro 5.1 (src): kernel-rt-5.3.18-150300.106.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.