CVE-2023-52672: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: pipe: wakeup wr_wait after setting max_usage Commit c73be61cede5 ("pipe: Add general notification queue support") a regression was introduced that would lock up resized pipes under certain conditions. See the reproducer in [1]. The commit resizing the pipe ring size was moved to a different function, doing that moved the wakeup for pipe->wr_wait before actually raising pipe->max_usage. If a pipe was full before the resize occured it would result in the wakeup never actually triggering pipe_write. Set @max_usage and @nr_accounted before waking writers if this isn't a watch queue. [Christian Brauner <brauner@kernel.org>: rewrite to account for watch queues]
AI Analysis
Technical Summary
CVE-2023-52672 is a high-severity vulnerability in the Linux kernel related to the pipe subsystem. The issue stems from a regression introduced by commit c73be61cede5, which added general notification queue support to pipes. Specifically, the vulnerability occurs due to improper ordering in the pipe resizing logic: the wakeup call for writers waiting on a pipe (wr_wait) was triggered before the pipe's max_usage parameter was updated. This sequencing flaw can cause a deadlock or lockup condition when a pipe is full before resizing, as the wakeup event never triggers the pipe_write operation. Consequently, processes waiting to write to the pipe may remain blocked indefinitely, leading to a denial of service (DoS) condition. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption), indicating that it can cause resource exhaustion or unavailability. The CVSS 3.1 base score is 7.0 (high), with the vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, meaning the attack requires local access with low privileges and high attack complexity, but no user interaction. The impact affects confidentiality, integrity, and availability, as the lockup can disrupt normal process communication and potentially be leveraged to escalate issues within affected systems. No known exploits are currently reported in the wild, but the vulnerability affects Linux kernel versions containing the problematic commit, which may be present in various distributions depending on their kernel update status. The fix involves reordering the update of max_usage and nr_accounted before waking writers, ensuring proper notification and avoiding the deadlock scenario.
Potential Impact
For European organizations, this vulnerability poses a significant risk primarily to systems running vulnerable Linux kernel versions, especially servers and infrastructure components relying on inter-process communication via pipes. The denial of service caused by pipe lockups can disrupt critical services, affecting availability and potentially leading to cascading failures in multi-process applications. Confidentiality and integrity impacts arise from the potential for stalled processes and resource exhaustion, which attackers might exploit to degrade system reliability or interfere with security controls. Organizations with high-dependency on Linux-based environments, including cloud providers, telecom operators, financial institutions, and public sector entities, could experience operational disruptions. The requirement for local access and low privileges means that attackers or malicious insiders with limited system access could trigger the issue, emphasizing the need for strict access controls and monitoring. Although no exploits are currently known, the presence of this vulnerability in widely deployed Linux kernels means that timely patching is critical to prevent future exploitation attempts. The impact is heightened in environments where uptime and service continuity are paramount, such as healthcare, critical infrastructure, and industrial control systems prevalent in Europe.
Mitigation Recommendations
1. Immediate application of the official Linux kernel patches that reorder the wakeup and max_usage updates to prevent the deadlock condition. Monitor vendor advisories for distribution-specific updates (e.g., Debian, Ubuntu, Red Hat, SUSE). 2. Conduct thorough inventory and version assessment of Linux kernels in use across the organization to identify vulnerable systems. 3. Restrict local access to critical Linux systems by enforcing strict user permissions, multi-factor authentication, and minimizing the number of users with shell access. 4. Implement monitoring and alerting for unusual pipe-related system behavior, such as processes stuck in uninterruptible sleep states or unexpected resource consumption patterns. 5. Employ kernel live patching solutions where available to reduce downtime during patch deployment. 6. Harden system configurations to limit the impact of potential denial of service, including resource limits (ulimits) and cgroup constraints to isolate processes. 7. Educate system administrators about this vulnerability and the importance of timely patching and monitoring for local privilege escalation or denial of service attempts. 8. In environments where patching is delayed, consider temporary mitigations such as restricting untrusted local code execution and isolating critical services.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland, Belgium, Finland
CVE-2023-52672: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: pipe: wakeup wr_wait after setting max_usage Commit c73be61cede5 ("pipe: Add general notification queue support") a regression was introduced that would lock up resized pipes under certain conditions. See the reproducer in [1]. The commit resizing the pipe ring size was moved to a different function, doing that moved the wakeup for pipe->wr_wait before actually raising pipe->max_usage. If a pipe was full before the resize occured it would result in the wakeup never actually triggering pipe_write. Set @max_usage and @nr_accounted before waking writers if this isn't a watch queue. [Christian Brauner <brauner@kernel.org>: rewrite to account for watch queues]
AI-Powered Analysis
Technical Analysis
CVE-2023-52672 is a high-severity vulnerability in the Linux kernel related to the pipe subsystem. The issue stems from a regression introduced by commit c73be61cede5, which added general notification queue support to pipes. Specifically, the vulnerability occurs due to improper ordering in the pipe resizing logic: the wakeup call for writers waiting on a pipe (wr_wait) was triggered before the pipe's max_usage parameter was updated. This sequencing flaw can cause a deadlock or lockup condition when a pipe is full before resizing, as the wakeup event never triggers the pipe_write operation. Consequently, processes waiting to write to the pipe may remain blocked indefinitely, leading to a denial of service (DoS) condition. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption), indicating that it can cause resource exhaustion or unavailability. The CVSS 3.1 base score is 7.0 (high), with the vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, meaning the attack requires local access with low privileges and high attack complexity, but no user interaction. The impact affects confidentiality, integrity, and availability, as the lockup can disrupt normal process communication and potentially be leveraged to escalate issues within affected systems. No known exploits are currently reported in the wild, but the vulnerability affects Linux kernel versions containing the problematic commit, which may be present in various distributions depending on their kernel update status. The fix involves reordering the update of max_usage and nr_accounted before waking writers, ensuring proper notification and avoiding the deadlock scenario.
Potential Impact
For European organizations, this vulnerability poses a significant risk primarily to systems running vulnerable Linux kernel versions, especially servers and infrastructure components relying on inter-process communication via pipes. The denial of service caused by pipe lockups can disrupt critical services, affecting availability and potentially leading to cascading failures in multi-process applications. Confidentiality and integrity impacts arise from the potential for stalled processes and resource exhaustion, which attackers might exploit to degrade system reliability or interfere with security controls. Organizations with high-dependency on Linux-based environments, including cloud providers, telecom operators, financial institutions, and public sector entities, could experience operational disruptions. The requirement for local access and low privileges means that attackers or malicious insiders with limited system access could trigger the issue, emphasizing the need for strict access controls and monitoring. Although no exploits are currently known, the presence of this vulnerability in widely deployed Linux kernels means that timely patching is critical to prevent future exploitation attempts. The impact is heightened in environments where uptime and service continuity are paramount, such as healthcare, critical infrastructure, and industrial control systems prevalent in Europe.
Mitigation Recommendations
1. Immediate application of the official Linux kernel patches that reorder the wakeup and max_usage updates to prevent the deadlock condition. Monitor vendor advisories for distribution-specific updates (e.g., Debian, Ubuntu, Red Hat, SUSE). 2. Conduct thorough inventory and version assessment of Linux kernels in use across the organization to identify vulnerable systems. 3. Restrict local access to critical Linux systems by enforcing strict user permissions, multi-factor authentication, and minimizing the number of users with shell access. 4. Implement monitoring and alerting for unusual pipe-related system behavior, such as processes stuck in uninterruptible sleep states or unexpected resource consumption patterns. 5. Employ kernel live patching solutions where available to reduce downtime during patch deployment. 6. Harden system configurations to limit the impact of potential denial of service, including resource limits (ulimits) and cgroup constraints to isolate processes. 7. Educate system administrators about this vulnerability and the importance of timely patching and monitoring for local privilege escalation or denial of service attempts. 8. In environments where patching is delayed, consider temporary mitigations such as restricting untrusted local code execution and isolating critical services.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-03-07T14:49:46.886Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9830c4522896dcbe7270
Added to database: 5/21/2025, 9:09:04 AM
Last enriched: 7/3/2025, 3:56:24 AM
Last updated: 8/1/2025, 6:17:59 PM
Views: 11
Related Threats
CVE-2025-2713: CWE-269 Improper Privilege Management in Google gVisor
MediumCVE-2025-8916: CWE-770 Allocation of Resources Without Limits or Throttling in Legion of the Bouncy Castle Inc. Bouncy Castle for Java
MediumCVE-2025-8914: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in WellChoose Organization Portal System
HighCVE-2025-8913: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in WellChoose Organization Portal System
CriticalCVE-2025-8912: CWE-36 Absolute Path Traversal in WellChoose Organization Portal System
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.