CVE-2023-52672
CVSS v3.1
7 (High)
EPSS
0.04 % (11th)
Advisories
14
NVD Status
Awaiting Analysis
In the Linux kernel, the following vulnerability has been resolved:
pipe: wakeup wr_wait after setting max_usage
Commit c73be61cede5 ("pipe: Add general notification queue support") a
regression was introduced that would lock up resized pipes under certain
conditions. See the reproducer in [1].
The commit resizing the pipe ring size was moved to a different
function, doing that moved the wakeup for pipe->wr_wait before actually
raising pipe->max_usage. If a pipe was full before the resize occured it
would result in the wakeup never actually triggering pipe_write.
Set @max_usage and @nr_accounted before waking writers if this isn't a
watch queue.
[Christian Brauner brauner@kernel.org: rewrite to account for watch queues]
Weaknesses
- CWE-400
- Uncontrolled Resource Consumption
- CVE Status
- PUBLISHED
- NVD Status
- Awaiting Analysis
- CNA
- kernel.org
- Published Date
-
2024-05-17 14:15:10
(4 months ago) - Updated Date
-
2024-07-03 01:43:44
(2 months ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...