{"uuid": "86671e6b-86b1-43b7-8de8-cb1e54732406", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57923", "type": "seen", "source": "https://t.me/cvedetector/15847", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57923 - btrfs zlib S390 Hardware Acceleration Path Buffer Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-57923 \nPublished : Jan. 19, 2025, 12:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbtrfs: zlib: fix avail_in bytes for s390 zlib HW compression path  \n  \nSince the input data length passed to zlib_compress_folios() can be  \narbitrary, always setting strm.avail_in to a multiple of PAGE_SIZE may  \ncause read-in bytes to exceed the input range. Currently this triggers  \nan assert in btrfs_compress_folios() on the debug kernel (see below).  \nFix strm.avail_in calculation for S390 hardware acceleration path.  \n  \n  assertion failed: *total_in <=0000021761df6538: 0707                bcr     0,%r7  \n             0000021761df653a: 0707                bcr     0,%r7  \n             0000021761df653c: 0707                bcr     0,%r7  \n             0000021761df653e: 0707                bcr     0,%r7  \n             0000021761df6540: c004004bb7ec        brcl    0,000002176276d518  \n  Call Trace:  \n   [<0000021761df6538] btrfs_compress_folios+0x198/0x1a0  \n  ([<0000021761df6534] btrfs_compress_folios+0x194/0x1a0)  \n   [<0000021761d97788] compress_file_range+0x3b8/0x6d0  \n   [<0000021761dcee7c] btrfs_work_helper+0x10c/0x160  \n   [<0000021761645760] process_one_work+0x2b0/0x5d0  \n   [<000002176164637e] worker_thread+0x20e/0x3e0  \n   [<000002176165221a] kthread+0x15a/0x170  \n   [<00000217615b859c] __ret_from_fork+0x3c/0x60  \n   [<00000217626e72d2] ret_from_fork+0xa/0x38  \n  INFO: lockdep is turned off.  \n  Last Breaking-Event-Address:  \n   [<0000021761597924] _printk+0x4c/0x58  \n  Kernel panic - not syncing: Fatal exception: panic_on_oops \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-19T13:58:19.000000Z"}