CVE-2024-57923
📋 TL;DR
A vulnerability in the Linux kernel's Btrfs filesystem compression module for S390 hardware acceleration causes a kernel panic when compressing arbitrary-length data. This affects Linux systems using Btrfs compression on S390 architecture hardware. The vulnerability triggers an assertion failure leading to denial of service.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data corruption or loss if filesystem operations are interrupted.
Likely Case
System crash when Btrfs compression is used on S390 hardware with arbitrary data sizes, resulting in temporary unavailability.
If Mitigated
No impact if Btrfs compression is disabled or the system does not use the S390 architecture.
🎯 Exploit Status
Exploitation requires local access and ability to trigger Btrfs compression operations with specific data sizes. Not remotely exploitable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches via git commits 0ee4736c003daded513de0ff112d4a1e9c85bbab and 25adbb08aeadcff883ab801df99fd20fefbb6ca4
Vendor Advisory: https://git.kernel.org/stable/c/0ee4736c003daded513de0ff112d4a1e9c85bbab
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version
2. Check if your distribution has released security updates
3. Reboot system after kernel update
🔧 Temporary Workarounds
Disable Btrfs compression
Turn off compression for Btrfs filesystems to prevent triggering the vulnerability
mount -o remount,compress=none /mount/point
Add 'compress=none' to /etc/fstab for Btrfs partitions
Disable hardware acceleration for zlib
Force software-only zlib compression if Btrfs compression must remain enabled
echo 0 > /sys/module/zlib_deflate/parameters/s390_hw
Add 'zlib_deflate.s390_hw=0' to kernel boot parameters
🧯 If You Can't Patch
- Disable Btrfs compression on all filesystems
- Avoid using S390 hardware for systems requiring Btrfs compression
🔍 How to Verify
Check if Vulnerable:
Check kernel version and architecture: uname -r && uname -m. If the architecture is S390 and Btrfs compression is in use, the system may be vulnerable.
Check Version:
uname -r
Verify Fix Applied:
Verify that the running kernel includes the fix commits, or check your distribution's security advisory. Test Btrfs compression operations on S390 hardware.
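A scripted form of the vulnerability check above, as an added example that is not part of the original advisory: it flags a host only when the machine type is s390 and at least one Btrfs mount carries a compression option. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are illustrative.

# Constructed sample in /proc/mounts format, for offline testing.
sample_mounts() {
cat <<'EOF'
/dev/dasda1 / ext4 rw,relatime 0 0
/dev/dasdb1 /data btrfs rw,relatime,compress=zlib:3,space_cache=v2 0 0
/dev/dasdc1 /srv btrfs rw,relatime,compress-force=zstd:3,space_cache=v2 0 0
/dev/dasdd1 /plain btrfs rw,relatime,space_cache=v2 0 0
EOF
}

# Print "<mount point> <option>" for each Btrfs mount with compression on.
# Only mount options are read; per-file compression properties are not.
btrfs_compressed_mounts() {
    awk '$3 == "btrfs" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            on = (opt[i] ~ /^compress(-force)?$/ || opt[i] ~ /^compress(-force)?=/)
            if (on && opt[i] !~ /=(no|none)$/) { print $2, opt[i]; break }
        }
    }' "${1:-/proc/mounts}"
}

# Return 0 when both conditions from the check above hold.
exposure_check() {
    arch=$1
    mounts=${2:-/proc/mounts}
    case $arch in
        s390*) ;;
        *) echo "not affected: machine type is $arch"; return 1 ;;
    esac
    hits=$(btrfs_compressed_mounts "$mounts")
    if [ -z "$hits" ]; then
        echo "no Btrfs mount has compression enabled"
        return 1
    fi
    echo "s390 with compressed Btrfs mounts; confirm the kernel has the fix:"
    echo "$hits"
}

# Live run on this host; never fails the calling script.
exposure_check "$(uname -m)" /proc/mounts || true
```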
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'btrfs_compress_folios'
- Assertion failed messages with 'total_in <= orig_len'
- Btrfs compression-related crashes in system logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("btrfs_compress_folios" OR ("assertion failed" AND "compression.c:1041"))
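A local counterpart to the query above for hosts that do not ship logs to a SIEM, as an added example that is not part of the original advisory: it counts kernel-log lines matching each listed indicator and exits 0 when any is present. The function names and the sample log lines are constructed from the indicator strings on this page.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are illustrative.

# Constructed sample log built from the indicator strings listed above.
sample_kernel_log() {
cat <<'EOF'
host kernel: EXT4-fs (dasda1): mounted filesystem
host kernel: assertion failed: total_in <= orig_len, in compression.c:1041
host kernel: Call Trace: btrfs_compress_folios
EOF
}

# Count lines per indicator in the given files (stdin when none are given).
# Exit status 0 = at least one indicator seen, 1 = none.
scan_kernel_log() {
    awk '
        /btrfs_compress_folios/                     { fn++ }
        /total_in <= orig_len/                      { cond++ }
        /assertion failed/ && /compression\.c:1041/ { loc++ }
        END {
            printf "btrfs_compress_folios=%d assertion_condition=%d assertion_location=%d\n", fn, cond, loc
            exit ((fn + cond + loc) > 0 ? 0 : 1)
        }' "$@"
}
```

After a crash the evidence belongs to the previous boot, so pipe in `journalctl -k -b -1` (this needs persistent journal storage) or a saved console log.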