CVE-2021-4155

Public on 2022-01-24
Modified on 2022-03-07
Description
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
5.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 kernel 2022-02-08 ALAS-2022-1563 Fixed
Amazon Linux 1 kernel 2023-02-22 ALAS-2023-1688 Fixed
Amazon Linux 2 - Core kernel 2022-02-08 ALAS2-2022-1749 Fixed
Amazon Linux 2 - Kernel-5.10 Extra kernel 2022-01-28 ALAS2KERNEL-5.10-2022-009 Fixed
Amazon Linux 2 - Kernel-5.4 Extra kernel 2022-01-28 ALAS2KERNEL-5.4-2022-021 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.256-197.484 2022-03-08 ALAS2LIVEPATCH-2022-075 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.82-83.359 2022-03-08 ALAS2LIVEPATCH-2022-076 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
NVD CVSSv3 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2021-4155 Mitre: CVE-2021-4155