416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2023-52672CVE-2023-52672
In the Linux kernel, the following vulnerability has been resolved:
pipe: wakeup wr_wait after setting max_usage
Commit c73be61cede5 (“pipe: Add general notification queue support”) a
regression was introduced that would lock up resized pipes under certain
conditions. See the reproducer in [1].
The commit resizing the pipe ring size was moved to a different
function, doing that moved the wakeup for pipe->wr_wait before actually
raising pipe->max_usage. If a pipe was full before the resize occured it
would result in the wakeup never actually triggering pipe_write.
Set @max_usage and @nr_accounted before waking writers if this isn’t a
watch queue.
[Christian Brauner <[email protected]>: rewrite to account for watch queues]
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/pipe.c"
],
"versions": [
{
"version": "c73be61cede5",
"lessThan": "162ae0e78bda",
"status": "affected",
"versionType": "git"
},
{
"version": "c73be61cede5",
"lessThan": "3efbd114b915",
"status": "affected",
"versionType": "git"
},
{
"version": "c73be61cede5",
"lessThan": "b87a1229d866",
"status": "affected",
"versionType": "git"
},
{
"version": "c73be61cede5",
"lessThan": "68e51bdb1194",
"status": "affected",
"versionType": "git"
},
{
"version": "c73be61cede5",
"lessThan": "6fb70694f8d1",
"status": "affected",
"versionType": "git"
},
{
"version": "c73be61cede5",
"lessThan": "e95aada4cb93",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"fs/pipe.c"
],
"versions": [
{
"version": "5.8",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.8",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.210",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.149",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.76",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.15",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.3",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]References
git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8
git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9
git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24
git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55
git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f
git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a
Related
