Linux Kernel Pipe Accounting Vulnerability in Watch Queue Management

Vulnerability

A vulnerability in the Linux kernel's handling of pipe buffer accounting has been identified. The issue arises in the watch_queue_set_size() function, which modifies the pipe buffers charged to the user without properly updating the pipe's internal accounting. This discrepancy can lead to an underflow when the pipe is freed, causing subsequent pipe buffer tests to fail. The vulnerability has been addressed by ensuring that the pipe usage is accurately accounted for in the watch queue management functions.

Impact

The vulnerability can cause incorrect pipe buffer accounting, leading to underflows and failures in pipe buffer management tests.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Pipe Accounting Vulnerability in Watch Queue Management

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating