We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-50040

igb: Do not bring the device up after non-fatal error



AssignerLinux
Reserved2024-10-21
Published2024-10-21
Updated2024-11-08

Description

In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed igb_io_error_detected() to ignore non-fatal pcie errors in order to avoid hung task that can happen when igb_down() is called multiple times. This caused an issue when processing transient non-fatal errors. igb_io_resume(), which is called after igb_io_error_detected(), assumes that device is brought down by igb_io_error_detected() if the interface is up. This resulted in panic with stacktrace below. [ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down [ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0 [ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID) [ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000 [ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000 [ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message [ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported. [ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message [ T292] pcieport 0000:00:1c.5: AER: broadcast resume message [ T292] ------------[ cut here ]------------ [ T292] kernel BUG at net/core/dev.c:6539! [ T292] invalid opcode: 0000 [#1] PREEMPT SMP [ T292] RIP: 0010:napi_enable+0x37/0x40 [ T292] Call Trace: [ T292] <TASK> [ T292] ? die+0x33/0x90 [ T292] ? do_trap+0xdc/0x110 [ T292] ? napi_enable+0x37/0x40 [ T292] ? do_error_trap+0x70/0xb0 [ T292] ? napi_enable+0x37/0x40 [ T292] ? napi_enable+0x37/0x40 [ T292] ? exc_invalid_op+0x4e/0x70 [ T292] ? napi_enable+0x37/0x40 [ T292] ? asm_exc_invalid_op+0x16/0x20 [ T292] ? napi_enable+0x37/0x40 [ T292] igb_up+0x41/0x150 [ T292] igb_io_resume+0x25/0x70 [ T292] report_resume+0x54/0x70 [ T292] ? report_frozen_detected+0x20/0x20 [ T292] pci_walk_bus+0x6c/0x90 [ T292] ? aer_print_port_info+0xa0/0xa0 [ T292] pcie_do_recovery+0x22f/0x380 [ T292] aer_process_err_devices+0x110/0x160 [ T292] aer_isr+0x1c1/0x1e0 [ T292] ? disable_irq_nosync+0x10/0x10 [ T292] irq_thread_fn+0x1a/0x60 [ T292] irq_thread+0xe3/0x1a0 [ T292] ? irq_set_affinity_notifier+0x120/0x120 [ T292] ? irq_affinity_notify+0x100/0x100 [ T292] kthread+0xe2/0x110 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork+0x2d/0x50 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork_asm+0x11/0x20 [ T292] </TASK> To fix this issue igb_io_resume() checks if the interface is running and the device is not down this means igb_io_error_detected() did not bring the device down and there is no need to bring it up.

Product status

Default status
unaffected

124e39a734cb before dca2ca65a869
affected

c9f56f3c7bc9 before c92cbd283ddc
affected

994c2ceb70ea before d79af3af2f49
affected

fa92c463eba7 before 0a94079e3841
affected

39695e87d86f before 6a39c8f5c8aa
affected

004d25060c78 before 57c5053eaa5f
affected

004d25060c78 before 500be93c5d53
affected

004d25060c78 before 330a699ecbfc
affected

Default status
affected

6.5
affected

Any version before 6.5
unaffected

4.19.323
unaffected

5.4.285
unaffected

5.10.227
unaffected

5.15.168
unaffected

6.1.113
unaffected

6.6.57
unaffected

6.11.4
unaffected

6.12-rc3
unaffected

References

https://git.kernel.org/stable/c/dca2ca65a8695d9593e2cf1b40848e073ad75413

https://git.kernel.org/stable/c/c92cbd283ddcf55fd85a9a9b0ba13298213f3dd7

https://git.kernel.org/stable/c/d79af3af2f49c6aae9add3d492c04d60c1b85ce4

https://git.kernel.org/stable/c/0a94079e3841d00ea5abb05e3233d019a86745f6

https://git.kernel.org/stable/c/6a39c8f5c8aae74c5ab2ba466791f59ffaab0178

https://git.kernel.org/stable/c/57c5053eaa5f9a8a99e34732e37a86615318e464

https://git.kernel.org/stable/c/500be93c5d53b7e2c5314292012185f0207bad0c

https://git.kernel.org/stable/c/330a699ecbfc9c26ec92c6310686da1230b4e7eb

cve.org CVE-2024-50040

nvd.nist.gov CVE-2024-50040

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-50040
Subscribe to our newsletter to learn more about our work.