CVE-2025-23138
Published: Apr 16, 2025
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: watch_queue: fix pipe accounting mismatch Currently, watch_queue_set_size() modifies the pipe buffers charged to user->pipe_bufs without updating the pipe->nr_accounted on the pipe itself, due to the if (!pipe_has_watch_queue()) test in pipe_resize_ring(). This means that when the pipe is ultimately freed, we decrement user->pipe_bufs by something other than what than we had charged to it, potentially leading to an underflow. This in turn can cause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM. To remedy this, explicitly account for the pipe usage in watch_queue_set_size() to match the number set via account_pipe_buffers() (It's unclear why watch_queue_set_size() does not update nr_accounted; it may be due to intentional overprovisioning in watch_queue_set_size()?)
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8 - < 8658c75343ed00e5e154ebbe24335f51ba8db547affected 3efbd114b91525bb095b8ae046382197d92126b9 - < 471c89b7d4f58bd6082f7c1fe14d4ca15c7f1284affected b87a1229d8668fbc78ebd9ca0fc797a76001c60f - < d40e3537265dea9e3c33021874437ff26dc18787affected 68e51bdb1194f11d3452525b99c98aff6f837b24 - < 6dafa27764183738dc5368b669b71e3d0d154f12affected e95aada4cb93d42e25c30a0ef9eb2923d9711d4a - < 56ec918e6c86c1536870e4373e91eddd0c44245f+9 more versions |
Linux | Linux | affected 6.8unaffected 0 - < 6.8unaffected 5.10.236 - <= 5.10.*unaffected 5.15.180 - <= 5.15.*unaffected 6.1.134 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now