CVE-2025-23138: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-23138 is a vulnerability in the Linux kernel's watchqueue mechanism, discovered and disclosed on April 16, 2025. The vulnerability affects the pipe buffer accounting system in the Linux kernel, specifically in the watchqueuesetsize() function (NVD, Red Hat).

The vulnerability occurs when watchqueuesetsize() modifies the pipe buffers charged to user->pipebufs without updating the pipe->nraccounted on the pipe itself, due to the if (!pipehaswatchqueue()) test in piperesizering(). This mismatch in accounting can lead to an underflow condition when the pipe is freed. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

When the pipe is ultimately freed, the system decrements user->pipebufs by a value different from what was initially charged, potentially leading to an underflow condition. This can cause subsequent toomanypipebuffers_soft() tests to fail with -EPERM errors (NVD).

The fix involves explicitly accounting for the pipe usage in watchqueuesetsize() to match the number set via accountpipe_buffers(). Red Hat Enterprise Linux 9 has deferred the fix for both kernel and kernel-rt packages (Red Hat).