CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
10.3%
In the Linux kernel, the following vulnerability has been resolved:
pipe: wakeup wr_wait after setting max_usage
Commit c73be61cede5 (“pipe: Add general notification queue support”) a
regression was introduced that would lock up resized pipes under certain
conditions. See the reproducer in [1].
The commit resizing the pipe ring size was moved to a different
function, doing that moved the wakeup for pipe->wr_wait before actually
raising pipe->max_usage. If a pipe was full before the resize occured it
would result in the wakeup never actually triggering pipe_write.
Set @max_usage and @nr_accounted before waking writers if this isn’t a
watch queue.
[Christian Brauner <[email protected]>: rewrite to account for watch queues]
Vendor | Product | Version | CPE |
---|---|---|---|
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/pipe.c"
],
"versions": [
{
"version": "c73be61cede5",
"lessThan": "162ae0e78bda",
"status": "affected",
"versionType": "git"
},
{
"version": "c73be61cede5",
"lessThan": "3efbd114b915",
"status": "affected",
"versionType": "git"
},
{
"version": "c73be61cede5",
"lessThan": "b87a1229d866",
"status": "affected",
"versionType": "git"
},
{
"version": "c73be61cede5",
"lessThan": "68e51bdb1194",
"status": "affected",
"versionType": "git"
},
{
"version": "c73be61cede5",
"lessThan": "6fb70694f8d1",
"status": "affected",
"versionType": "git"
},
{
"version": "c73be61cede5",
"lessThan": "e95aada4cb93",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/pipe.c"
],
"versions": [
{
"version": "5.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.210",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.149",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.76",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.15",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.3",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]
git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8
git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9
git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24
git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55
git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f
git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a
lists.debian.org/debian-lts-announce/2024/06/msg00017.html