{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npipe: wakeup wr_wait after setting max_usage\n\nCommit c73be61cede5 (\"pipe: Add general notification queue support\") a\nregression was introduced that would lock up resized pipes under certain\nconditions. See the reproducer in [1].\n\nThe commit resizing the pipe ring size was moved to a different\nfunction, doing that moved the wakeup for pipe->wr_wait before actually\nraising pipe->max_usage. If a pipe was full before the resize occured it\nwould result in the wakeup never actually triggering pipe_write.\n\nSet @max_usage and @nr_accounted before waking writers if this isn't a\nwatch queue.\n\n[Christian Brauner : rewrite to account for watch queues]" } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/pipe.c" ], "versions": [ { "version": "c73be61cede5", "lessThan": "162ae0e78bda", "status": "affected", "versionType": "git" }, { "version": "c73be61cede5", "lessThan": "3efbd114b915", "status": "affected", "versionType": "git" }, { "version": "c73be61cede5", "lessThan": "b87a1229d866", "status": "affected", "versionType": "git" }, { "version": "c73be61cede5", "lessThan": "68e51bdb1194", "status": "affected", "versionType": "git" }, { "version": "c73be61cede5", "lessThan": "6fb70694f8d1", "status": "affected", "versionType": "git" }, { "version": "c73be61cede5", "lessThan": "e95aada4cb93", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/pipe.c" ], "versions": [ { "version": "5.8", "status": "affected" }, { "version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "custom" }, { "version": "5.10.210", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.15.149", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.1.76", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.6.15", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.7.3", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom" }, { "version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8" }, { "url": "https://git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9" }, { "url": "https://git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f" }, { "url": "https://git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24" }, { "url": "https://git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55" }, { "url": "https://git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a" } ], "title": "pipe: wakeup wr_wait after setting max_usage", "x_generator": { "engine": "bippy-a5840b7849dd" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2023-52672", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }