Linux Kernel Btrfs Compression Vulnerability on S390 Hardware Acceleration

Vulnerability

A vulnerability has been identified in the Linux kernel's Btrfs file system compression routine for S390 hardware. The length of the input data passed to the zlib compression function can vary, and the available input length was calculated incorrectly, so the number of bytes read can exceed the actual input range. This discrepancy triggers an assertion failure in the Btrfs compression function, causing a kernel panic. The vulnerability has been resolved by correcting the calculation of the input length for the S390 zlib hardware compression path.

Impact

Exploitation of this vulnerability leads to a kernel panic, causing a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by using the Btrfs file system on S390 hardware with a Linux kernel version that includes this vulnerability. When the Btrfs compression function is called with certain input data lengths, the incorrect calculation of the available input bytes for the zlib compression can cause the bytes read to exceed the input range, triggering an assertion failure. This can be observed on a debug kernel, where the assertion failure leads to a kernel panic.

Remediation

Users should upgrade to a patched version of the Linux kernel where this vulnerability has been addressed.
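
To decide which hosts need the upgrade first, the following added example (not part of the original advisory or of the kernel project) flags machines that are S390 and have a Btrfs file system mounted with zlib compression. The function names and the sample mount table are constructed for illustration, and the check assumes zlib is enabled through the Btrfs compress or compress-force mount options.

```shell
#!/bin/sh
# Added triage example: is this host in scope for the S390 Btrfs zlib issue?
# Inputs are parameters so the logic can be exercised on any machine.
# Limitation: zlib enabled per file or directory through Btrfs properties
# does not appear in mount options and is not detected here.

# Constructed sample in /proc/mounts format (not taken from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/dasda1 / ext4 rw,relatime 0 0
/dev/dasdb1 /data btrfs rw,relatime,compress=zlib:3,space_cache=v2 0 0
/dev/dasdc1 /logs btrfs rw,compress-force=zstd:3 0 0
/dev/dasdd1 /arch btrfs rw,compress-force=zlib 0 0
/dev/dasde1 /plain btrfs rw,relatime 0 0
EOF
}

# True when the machine string (as printed by uname -m) names an s390 system.
is_s390() {
    case "$1" in
        s390|s390x) return 0 ;;
        *) return 1 ;;
    esac
}

# Print mount points of Btrfs file systems mounted with zlib compression.
# $1 is a file in /proc/mounts format: device mountpoint fstype options ...
# A bare "compress" or "compress-force" option selects zlib by default.
zlib_btrfs_mounts() {
    awk '$3 == "btrfs" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^compress(-force)?(=zlib(:[0-9]+)?)?$/) { print $2; break }
    }' "$1"
}

# Print a verdict for one host. $1 = machine string, $2 = mounts file.
# Returns 0 when the kernel on this host should be checked for the fix.
assess_host() {
    is_s390 "$1" || { echo "out of scope: architecture $1"; return 1; }
    hits=$(zlib_btrfs_mounts "$2" | tr '\n' ' ')
    [ -n "$hits" ] || { echo "s390 host, no zlib-compressed Btrfs mount"; return 1; }
    echo "in scope: s390 host with zlib-compressed Btrfs at: $hits"
}

# Typical use on the host itself:
#   assess_host "$(uname -m)" /proc/mounts
```

A host reported as in scope still needs its running kernel compared against the distribution's fixed version, which this script does not do.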

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.