CVE-2025-23138

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-23138
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23138.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-23138
Published
2025-04-16T15:16:08Z
Modified
2025-08-09T19:01:27Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

watch_queue: fix pipe accounting mismatch

Currently, watch_queue_set_size() modifies the pipe buffers charged to user->pipe_bufs without updating the pipe->nr_accounted on the pipe itself, due to the if (!pipe_has_watch_queue()) test in pipe_resize_ring(). This means that when the pipe is ultimately freed, we decrement user->pipe_bufs by something other than what we had charged to it, potentially leading to an underflow. This in turn can cause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM.

To remedy this, explicitly account for the pipe usage in watch_queue_set_size() to match the number set via account_pipe_buffers().

(It's unclear why watch_queue_set_size() does not update nr_accounted; it may be due to intentional overprovisioning in watch_queue_set_size()?)
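The mismatch described above, as an added user-space model that is not the kernel's code or the fix itself. The struct layouts, the function bodies, the `fixed` switch and the sample values (16 and 4 buffers, a soft limit of 16384) are assumptions chosen for illustration; only the counter and function names come from the description.

```c
#include <stdio.h>

/* Simplified user-space model of the counters named in the description.
 * Not kernel code: struct layouts and function bodies are assumptions. */
struct user { unsigned long pipe_bufs; };
struct pipe { struct user *user; unsigned long nr_accounted; };

/* Move the per-user charge from 'old' to 'new' buffers (unsigned wrap-around). */
static unsigned long account_pipe_buffers(struct user *u, unsigned long old,
                                          unsigned long new)
{
    u->pipe_bufs += new - old;
    return u->pipe_bufs;
}

/* Soft-limit test; the limit value passed in is a constructed sample. */
int too_many_pipe_buffers_soft(unsigned long user_bufs, unsigned long limit)
{
    return user_bufs > limit;
}

/* Watch-queue resize: 'fixed' selects whether nr_accounted follows the charge. */
static void set_size(struct pipe *p, unsigned long nr, int fixed)
{
    account_pipe_buffers(p->user, p->nr_accounted, nr);
    if (fixed)
        p->nr_accounted = nr;
}

/* Charge at creation, resize, then uncharge nr_accounted at free.
 * Returns the user's remaining charge; 0 means the books balance. */
unsigned long lifecycle(unsigned long initial, unsigned long resized, int fixed)
{
    struct user u = { 0 };
    struct pipe p = { &u, initial };

    account_pipe_buffers(&u, 0, initial);
    set_size(&p, resized, fixed);
    account_pipe_buffers(&u, p.nr_accounted, 0);
    return u.pipe_bufs;
}

int main(void)
{
    unsigned long bad = lifecycle(16, 4, 0), good = lifecycle(16, 4, 1);

    printf("unfixed: %lu over soft limit: %d\n", bad, too_many_pipe_buffers_soft(bad, 16384));
    printf("fixed:   %lu over soft limit: %d\n", good, too_many_pipe_buffers_soft(good, 16384));
    return 0;
}
```

In the unfixed path the free step subtracts the stale 16 from a charge of 4, so the per-user counter wraps to a huge value and every later soft-limit test for that user reports too many buffers.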
