Alexander Egorenkov

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the decompressor in the Linux kernel, specifically on the s390 architecture. Historically, calls to ` decompress()` did not specify the `out len` parameter, expecting no writes beyond the uncompressed kernel image. However, with the inclusion of the zstd library commit, this behavior changed, allowing the decompression code to store literal buffers in the unwritten portion of the destination buffer. Since `out len` is not set, it is considered unlimited, which might corrupt initrd or ipl reports placed after the decompressor buffer. The size of the uncompressed kernel image is known to the decompressor, so specifying it in the `out len` parameter resolves the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.