In the Linux kernel, the following vulnerability has been resolved: watchqueue: fix pipe accounting mismatch Currently, watchqueuesetsize() modifies the pipe buffers charged to user->pipebufs without updating the pipe->nraccounted on the pipe itself, due to the if (!pipehaswatchqueue()) test in piperesizering(). This means that when the pipe is ultimately freed, we decrement user->pipebufs by something other than what than we had charged to it, potentially leading to an underflow. This in turn can cause subsequent toomanypipebufferssoft() tests to fail with -EPERM. To remedy this, explicitly account for the pipe usage in watchqueuesetsize() to match the number set via accountpipebuffers() (It's unclear why watchqueuesetsize() does not update nraccounted; it may be due to intentional overprovisioning in watchqueuesetsize()?)