5.5

CVE-2025-23138

watch_queue: fix pipe accounting mismatch

In the Linux kernel, the following vulnerability has been resolved:

watch_queue: fix pipe accounting mismatch

Currently, watch_queue_set_size() modifies the pipe buffers charged to
user->pipe_bufs without updating the pipe->nr_accounted on the pipe
itself, due to the if (!pipe_has_watch_queue()) test in
pipe_resize_ring(). This means that when the pipe is ultimately freed,
we decrement user->pipe_bufs by something other than what than we had
charged to it, potentially leading to an underflow. This in turn can
cause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM.

To remedy this, explicitly account for the pipe usage in
watch_queue_set_size() to match the number set via account_pipe_buffers()

(It's unclear why watch_queue_set_size() does not update nr_accounted;
it may be due to intentional overprovisioning in watch_queue_set_size()?)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10.210 < 5.10.236
LinuxLinux Kernel Version >= 5.15.149 < 5.15.180
LinuxLinux Kernel Version >= 6.1.76 < 6.1.134
LinuxLinux Kernel Version >= 6.6.15 < 6.6.87
LinuxLinux Kernel Version >= 6.7.3 < 6.12.23
LinuxLinux Kernel Version >= 6.13 < 6.13.11
LinuxLinux Kernel Version >= 6.14 < 6.14.2
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.07
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/8658c75343ed00e5e154ebbe24335f51ba8db547
Patch
https://git.kernel.org/stable/c/471c89b7d4f58bd6082f7c1fe14d4ca15c7f1284
Patch
https://git.kernel.org/stable/c/d40e3537265dea9e3c33021874437ff26dc18787
Patch
https://git.kernel.org/stable/c/6dafa27764183738dc5368b669b71e3d0d154f12
Patch
https://git.kernel.org/stable/c/56ec918e6c86c1536870e4373e91eddd0c44245f
Patch
https://git.kernel.org/stable/c/2d680b988656bb556c863d8b46d9b9096842bf3d
Patch
https://git.kernel.org/stable/c/205028ebba838938d3b264dda1d0708fa7fe1ade
Patch
https://git.kernel.org/stable/c/f13abc1e8e1a3b7455511c4e122750127f6bc9b0
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Mailing List
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
Mailing List