CVE-2024-57923: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path Since the input data length passed to zlib_compress_folios() can be arbitrary, always setting strm.avail_in to a multiple of PAGE_SIZE may cause read-in bytes to exceed the input range. Currently this triggers an assert in btrfs_compress_folios() on the debug kernel (see below). Fix strm.avail_in calculation for S390 hardware acceleration path. assertion failed: *total_in <= orig_len, in fs/btrfs/compression.c:1041 ------------[ cut here ]------------ kernel BUG at fs/btrfs/compression.c:1041! monitor event: 0040 ilc:2 [#1] PREEMPT SMP CPU: 16 UID: 0 PID: 325 Comm: kworker/u273:3 Not tainted 6.13.0-20241204.rc1.git6.fae3b21430ca.300.fc41.s390x+debug #1 Hardware name: IBM 3931 A01 703 (z/VM 7.4.0) Workqueue: btrfs-delalloc btrfs_work_helper Krnl PSW : 0704d00180000000 0000021761df6538 (btrfs_compress_folios+0x198/0x1a0) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 Krnl GPRS: 0000000080000000 0000000000000001 0000000000000047 0000000000000000 0000000000000006 ffffff01757bb000 000001976232fcc0 000000000000130c 000001976232fcd0 000001976232fcc8 00000118ff4a0e30 0000000000000001 00000111821ab400 0000011100000000 0000021761df6534 000001976232fb58 Krnl Code: 0000021761df6528: c020006f5ef4 larl %r2,0000021762be2310 0000021761df652e: c0e5ffbd09d5 brasl %r14,00000217615978d8 #0000021761df6534: af000000 mc 0,0 >0000021761df6538: 0707 bcr 0,%r7 0000021761df653a: 0707 bcr 0,%r7 0000021761df653c: 0707 bcr 0,%r7 0000021761df653e: 0707 bcr 0,%r7 0000021761df6540: c004004bb7ec brcl 0,000002176276d518 Call Trace: [<0000021761df6538>] btrfs_compress_folios+0x198/0x1a0 ([<0000021761df6534>] btrfs_compress_folios+0x194/0x1a0) [<0000021761d97788>] compress_file_range+0x3b8/0x6d0 [<0000021761dcee7c>] btrfs_work_helper+0x10c/0x160 [<0000021761645760>] process_one_work+0x2b0/0x5d0 [<000002176164637e>] worker_thread+0x20e/0x3e0 [<000002176165221a>] kthread+0x15a/0x170 [<00000217615b859c>] __ret_from_fork+0x3c/0x60 [<00000217626e72d2>] ret_from_fork+0xa/0x38 INFO: lockdep is turned off. Last Breaking-Event-Address: [<0000021761597924>] _printk+0x4c/0x58 Kernel panic - not syncing: Fatal exception: panic_on_oops
AI Analysis
Technical Summary
CVE-2024-57923 is a vulnerability identified in the Linux kernel's Btrfs filesystem compression code, specifically affecting the zlib compression path on IBM s390 architecture hardware acceleration. The issue arises from incorrect handling of the input data length parameter (strm.avail_in) passed to the zlib_compress_folios() function. The vulnerability occurs because the code sets strm.avail_in to a multiple of PAGE_SIZE regardless of the actual input data length, which can cause the number of bytes read to exceed the legitimate input range. This leads to an assertion failure in the btrfs_compress_folios() function, triggering a kernel BUG and causing a kernel panic. The problem is particularly evident on s390 hardware with zlib hardware acceleration enabled, as demonstrated by the kernel panic logs and call traces provided. The assertion failure indicates a logic error in the compression routine, which can cause system instability or crashes when Btrfs compression is used on affected systems. Although no known exploits are reported in the wild, the vulnerability can be triggered by specially crafted input data to the compression function, potentially leading to denial of service (DoS) through kernel panic. The vulnerability is fixed by correcting the calculation of strm.avail_in to ensure it does not exceed the actual input length, preventing out-of-bounds reads and assertion failures.
Potential Impact
For European organizations running Linux systems with Btrfs filesystems on IBM s390 hardware or emulated environments, this vulnerability poses a risk of system crashes and denial of service. The kernel panic triggered by this bug can lead to unplanned downtime, data unavailability, and potential disruption of critical services. Organizations relying on Btrfs compression for storage efficiency may experience instability if the vulnerability is exploited or triggered inadvertently. Although the vulnerability does not appear to allow privilege escalation or remote code execution, the impact on availability can be significant, especially for enterprise environments using s390 mainframes or z/VM virtualization platforms common in financial, governmental, and large-scale data center operations. The lack of known exploits reduces immediate risk, but the potential for DoS and system instability necessitates prompt patching to maintain operational continuity and data integrity.
Mitigation Recommendations
1. Apply the official Linux kernel patches that fix the strm.avail_in calculation in the Btrfs compression code for s390 hardware acceleration as soon as they become available. 2. For organizations using s390 hardware, consider temporarily disabling Btrfs compression or switching to alternative filesystems until patches are applied. 3. Monitor kernel logs for assertion failures or kernel panics related to btrfs_compress_folios to detect potential exploitation attempts or accidental triggers. 4. Implement robust backup and recovery procedures to mitigate data loss risks from unexpected system crashes. 5. Test kernel updates in staging environments that replicate production s390 configurations to ensure stability before deployment. 6. Coordinate with hardware and Linux distribution vendors to receive timely updates and advisories specific to s390 platforms. 7. Limit access to systems running vulnerable kernels to trusted administrators to reduce the risk of malicious triggering of the vulnerability.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Switzerland
CVE-2024-57923: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path Since the input data length passed to zlib_compress_folios() can be arbitrary, always setting strm.avail_in to a multiple of PAGE_SIZE may cause read-in bytes to exceed the input range. Currently this triggers an assert in btrfs_compress_folios() on the debug kernel (see below). Fix strm.avail_in calculation for S390 hardware acceleration path. assertion failed: *total_in <= orig_len, in fs/btrfs/compression.c:1041 ------------[ cut here ]------------ kernel BUG at fs/btrfs/compression.c:1041! monitor event: 0040 ilc:2 [#1] PREEMPT SMP CPU: 16 UID: 0 PID: 325 Comm: kworker/u273:3 Not tainted 6.13.0-20241204.rc1.git6.fae3b21430ca.300.fc41.s390x+debug #1 Hardware name: IBM 3931 A01 703 (z/VM 7.4.0) Workqueue: btrfs-delalloc btrfs_work_helper Krnl PSW : 0704d00180000000 0000021761df6538 (btrfs_compress_folios+0x198/0x1a0) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 Krnl GPRS: 0000000080000000 0000000000000001 0000000000000047 0000000000000000 0000000000000006 ffffff01757bb000 000001976232fcc0 000000000000130c 000001976232fcd0 000001976232fcc8 00000118ff4a0e30 0000000000000001 00000111821ab400 0000011100000000 0000021761df6534 000001976232fb58 Krnl Code: 0000021761df6528: c020006f5ef4 larl %r2,0000021762be2310 0000021761df652e: c0e5ffbd09d5 brasl %r14,00000217615978d8 #0000021761df6534: af000000 mc 0,0 >0000021761df6538: 0707 bcr 0,%r7 0000021761df653a: 0707 bcr 0,%r7 0000021761df653c: 0707 bcr 0,%r7 0000021761df653e: 0707 bcr 0,%r7 0000021761df6540: c004004bb7ec brcl 0,000002176276d518 Call Trace: [<0000021761df6538>] btrfs_compress_folios+0x198/0x1a0 ([<0000021761df6534>] btrfs_compress_folios+0x194/0x1a0) [<0000021761d97788>] compress_file_range+0x3b8/0x6d0 [<0000021761dcee7c>] btrfs_work_helper+0x10c/0x160 [<0000021761645760>] process_one_work+0x2b0/0x5d0 [<000002176164637e>] worker_thread+0x20e/0x3e0 [<000002176165221a>] kthread+0x15a/0x170 [<00000217615b859c>] __ret_from_fork+0x3c/0x60 [<00000217626e72d2>] ret_from_fork+0xa/0x38 INFO: lockdep is turned off. Last Breaking-Event-Address: [<0000021761597924>] _printk+0x4c/0x58 Kernel panic - not syncing: Fatal exception: panic_on_oops
AI-Powered Analysis
Technical Analysis
CVE-2024-57923 is a vulnerability identified in the Linux kernel's Btrfs filesystem compression code, specifically affecting the zlib compression path on IBM s390 architecture hardware acceleration. The issue arises from incorrect handling of the input data length parameter (strm.avail_in) passed to the zlib_compress_folios() function. The vulnerability occurs because the code sets strm.avail_in to a multiple of PAGE_SIZE regardless of the actual input data length, which can cause the number of bytes read to exceed the legitimate input range. This leads to an assertion failure in the btrfs_compress_folios() function, triggering a kernel BUG and causing a kernel panic. The problem is particularly evident on s390 hardware with zlib hardware acceleration enabled, as demonstrated by the kernel panic logs and call traces provided. The assertion failure indicates a logic error in the compression routine, which can cause system instability or crashes when Btrfs compression is used on affected systems. Although no known exploits are reported in the wild, the vulnerability can be triggered by specially crafted input data to the compression function, potentially leading to denial of service (DoS) through kernel panic. The vulnerability is fixed by correcting the calculation of strm.avail_in to ensure it does not exceed the actual input length, preventing out-of-bounds reads and assertion failures.
Potential Impact
For European organizations running Linux systems with Btrfs filesystems on IBM s390 hardware or emulated environments, this vulnerability poses a risk of system crashes and denial of service. The kernel panic triggered by this bug can lead to unplanned downtime, data unavailability, and potential disruption of critical services. Organizations relying on Btrfs compression for storage efficiency may experience instability if the vulnerability is exploited or triggered inadvertently. Although the vulnerability does not appear to allow privilege escalation or remote code execution, the impact on availability can be significant, especially for enterprise environments using s390 mainframes or z/VM virtualization platforms common in financial, governmental, and large-scale data center operations. The lack of known exploits reduces immediate risk, but the potential for DoS and system instability necessitates prompt patching to maintain operational continuity and data integrity.
Mitigation Recommendations
1. Apply the official Linux kernel patches that fix the strm.avail_in calculation in the Btrfs compression code for s390 hardware acceleration as soon as they become available. 2. For organizations using s390 hardware, consider temporarily disabling Btrfs compression or switching to alternative filesystems until patches are applied. 3. Monitor kernel logs for assertion failures or kernel panics related to btrfs_compress_folios to detect potential exploitation attempts or accidental triggers. 4. Implement robust backup and recovery procedures to mitigate data loss risks from unexpected system crashes. 5. Test kernel updates in staging environments that replicate production s390 configurations to ensure stability before deployment. 6. Coordinate with hardware and Linux distribution vendors to receive timely updates and advisories specific to s390 platforms. 7. Limit access to systems running vulnerable kernels to trusted administrators to reduce the risk of malicious triggering of the vulnerability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-01-19T11:50:08.376Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9823c4522896dcbdea69
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 8:57:07 AM
Last updated: 8/17/2025, 4:04:23 PM
Views: 15
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.