CVE-2023-52672 pipe: wakeup wr_wait after setting max_usage

2024-05-1714:02:10

Linux

github.com

linux kernel

vulnerability resolved

resized pipes

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

In the Linux kernel, the following vulnerability has been resolved:

pipe: wakeup wr_wait after setting max_usage

Commit c73be61cede5 (“pipe: Add general notification queue support”) a
regression was introduced that would lock up resized pipes under certain
conditions. See the reproducer in [1].

The commit resizing the pipe ring size was moved to a different
function, doing that moved the wakeup for pipe->wr_wait before actually
raising pipe->max_usage. If a pipe was full before the resize occured it
would result in the wakeup never actually triggering pipe_write.

Set @max_usage and @nr_accounted before waking writers if this isn’t a
watch queue.

[Christian Brauner <[email protected]>: rewrite to account for watch queues]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "affected",
        "version": "c73be61cede5",
        "lessThan": "162ae0e78bda",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "affected",
        "version": "c73be61cede5",
        "lessThan": "3efbd114b915",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "affected",
        "version": "c73be61cede5",
        "lessThan": "b87a1229d866",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "affected",
        "version": "c73be61cede5",
        "lessThan": "68e51bdb1194",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "affected",
        "version": "c73be61cede5",
        "lessThan": "6fb70694f8d1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "affected",
        "version": "c73be61cede5",
        "lessThan": "e95aada4cb93",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "affected",
        "version": "5.8"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "0",
        "lessThan": "5.8",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "5.10.210",
        "versionType": "custom",
        "lessThanOrEqual": "5.11"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "5.15.149",
        "versionType": "custom",
        "lessThanOrEqual": "5.16"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "6.1.76",
        "versionType": "custom",
        "lessThanOrEqual": "6.2"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "6.6.15",
        "versionType": "custom",
        "lessThanOrEqual": "6.7"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "6.7.3",
        "versionType": "custom",
        "lessThanOrEqual": "6.8"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
    ],
    "vendor": "linux",
    "product": "linux_kernel",
    "versions": [
      {
        "status": "unaffected",
        "version": "6.8"
      }
    ],
    "defaultStatus": "unknown"
  }
]