{"vulnerability": "CVE-2025-23138", "sightings": [{"uuid": "4881b14c-f45c-4e06-a21e-b8eea6bb34d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23138", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114348624612186773", "content": "", "creation_timestamp": "2025-04-16T16:39:03.027679Z"}, {"uuid": "94e97a61-e1be-4ad5-9cd8-09e6e422ab9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23138", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14800", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23138\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nwatch_queue: fix pipe accounting mismatch\n\nCurrently, watch_queue_set_size() modifies the pipe buffers charged to\nuser->pipe_bufs without updating the pipe->nr_accounted on the pipe\nitself, due to the if (!pipe_has_watch_queue()) test in\npipe_resize_ring(). This means that when the pipe is ultimately freed,\nwe decrement user->pipe_bufs by something other than what than we had\ncharged to it, potentially leading to an underflow. This in turn can\ncause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM.\n\nTo remedy this, explicitly account for the pipe usage in\nwatch_queue_set_size() to match the number set via account_pipe_buffers()\n\n(It's unclear why watch_queue_set_size() does not update nr_accounted;\nit may be due to intentional overprovisioning in watch_queue_set_size()?)\n\ud83d\udccf Published: 2025-04-16T14:13:17.866Z\n\ud83d\udccf Modified: 2025-05-04T13:07:07.800Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/8658c75343ed00e5e154ebbe24335f51ba8db547\n2. https://git.kernel.org/stable/c/471c89b7d4f58bd6082f7c1fe14d4ca15c7f1284\n3. https://git.kernel.org/stable/c/d40e3537265dea9e3c33021874437ff26dc18787\n4. https://git.kernel.org/stable/c/6dafa27764183738dc5368b669b71e3d0d154f12\n5. https://git.kernel.org/stable/c/56ec918e6c86c1536870e4373e91eddd0c44245f\n6. https://git.kernel.org/stable/c/2d680b988656bb556c863d8b46d9b9096842bf3d\n7. https://git.kernel.org/stable/c/205028ebba838938d3b264dda1d0708fa7fe1ade\n8. https://git.kernel.org/stable/c/f13abc1e8e1a3b7455511c4e122750127f6bc9b0", "creation_timestamp": "2025-05-04T13:18:44.000000Z"}, {"uuid": "34a066f5-6d5a-4c53-bb98-0a8cac527949", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23138", "type": "seen", "source": "https://bsky.app/profile/omo.bsky.social/post/3lnafpwdvic2b", "content": "", "creation_timestamp": "2025-04-20T10:07:40.518605Z"}, {"uuid": "457dd838-c615-4ee9-ab72-fa0af897e863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23138", "type": "seen", "source": "https://t.me/cvedetector/23111", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23138 - Linux Kernel Pipe Buffer Underflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23138 \nPublished : April 16, 2025, 3:16 p.m. | 23\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nwatch_queue: fix pipe accounting mismatch  \n  \nCurrently, watch_queue_set_size() modifies the pipe buffers charged to  \nuser->pipe_bufs without updating the pipe->nr_accounted on the pipe  \nitself, due to the if (!pipe_has_watch_queue()) test in  \npipe_resize_ring(). This means that when the pipe is ultimately freed,  \nwe decrement user->pipe_bufs by something other than what than we had  \ncharged to it, potentially leading to an underflow. This in turn can  \ncause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM.  \n  \nTo remedy this, explicitly account for the pipe usage in  \nwatch_queue_set_size() to match the number set via account_pipe_buffers()  \n  \n(It's unclear why watch_queue_set_size() does not update nr_accounted;  \nit may be due to intentional overprovisioning in watch_queue_set_size()?) \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T17:43:31.000000Z"}]}