VYPR
Medium severity5.5NVD Advisory· Published Apr 16, 2025· Updated Jun 17, 2026

CVE-2025-23138

CVE-2025-23138

Description

In the Linux kernel, the following vulnerability has been resolved:

watch_queue: fix pipe accounting mismatch

Currently, watch_queue_set_size() modifies the pipe buffers charged to user->pipe_bufs without updating the pipe->nr_accounted on the pipe itself, due to the if (!pipe_has_watch_queue()) test in pipe_resize_ring(). This means that when the pipe is ultimately freed, we decrement user->pipe_bufs by something other than what than we had charged to it, potentially leading to an underflow. This in turn can cause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM.

To remedy this, explicitly account for the pipe usage in watch_queue_set_size() to match the number set via account_pipe_buffers()

(It's unclear why watch_queue_set_size() does not update nr_accounted; it may be due to intentional overprovisioning in watch_queue_set_size()?)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

168

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.