ghsa-8cq6-j877-45ff
Vulnerability from github
Published
2024-10-21 21:30
Modified
2024-11-08 18:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

igb: Do not bring the device up after non-fatal error

Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed igb_io_error_detected() to ignore non-fatal pcie errors in order to avoid hung task that can happen when igb_down() is called multiple times. This caused an issue when processing transient non-fatal errors. igb_io_resume(), which is called after igb_io_error_detected(), assumes that device is brought down by igb_io_error_detected() if the interface is up. This resulted in panic with stacktrace below.

[ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down [ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0 [ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID) [ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000 [ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000 [ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message [ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported. [ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message [ T292] pcieport 0000:00:1c.5: AER: broadcast resume message [ T292] ------------[ cut here ]------------ [ T292] kernel BUG at net/core/dev.c:6539! [ T292] invalid opcode: 0000 [#1] PREEMPT SMP [ T292] RIP: 0010:napi_enable+0x37/0x40 [ T292] Call Trace: [ T292] [ T292] ? die+0x33/0x90 [ T292] ? do_trap+0xdc/0x110 [ T292] ? napi_enable+0x37/0x40 [ T292] ? do_error_trap+0x70/0xb0 [ T292] ? napi_enable+0x37/0x40 [ T292] ? napi_enable+0x37/0x40 [ T292] ? exc_invalid_op+0x4e/0x70 [ T292] ? napi_enable+0x37/0x40 [ T292] ? asm_exc_invalid_op+0x16/0x20 [ T292] ? napi_enable+0x37/0x40 [ T292] igb_up+0x41/0x150 [ T292] igb_io_resume+0x25/0x70 [ T292] report_resume+0x54/0x70 [ T292] ? report_frozen_detected+0x20/0x20 [ T292] pci_walk_bus+0x6c/0x90 [ T292] ? aer_print_port_info+0xa0/0xa0 [ T292] pcie_do_recovery+0x22f/0x380 [ T292] aer_process_err_devices+0x110/0x160 [ T292] aer_isr+0x1c1/0x1e0 [ T292] ? disable_irq_nosync+0x10/0x10 [ T292] irq_thread_fn+0x1a/0x60 [ T292] irq_thread+0xe3/0x1a0 [ T292] ? irq_set_affinity_notifier+0x120/0x120 [ T292] ? irq_affinity_notify+0x100/0x100 [ T292] kthread+0xe2/0x110 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork+0x2d/0x50 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork_asm+0x11/0x20 [ T292]

To fix this issue igb_io_resume() checks if the interface is running and the device is not down this means igb_io_error_detected() did not bring the device down and there is no need to bring it up.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-50040"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T20:15:17Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Do not bring the device up after non-fatal error\n\nCommit 004d25060c78 (\"igb: Fix igb_down hung on surprise removal\")\nchanged igb_io_error_detected() to ignore non-fatal pcie errors in order\nto avoid hung task that can happen when igb_down() is called multiple\ntimes. This caused an issue when processing transient non-fatal errors.\nigb_io_resume(), which is called after igb_io_error_detected(), assumes\nthat device is brought down by igb_io_error_detected() if the interface\nis up. This resulted in panic with stacktrace below.\n\n[ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down\n[  T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0\n[  T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)\n[  T292] igb 0000:09:00.0:   device [8086:1537] error status/mask=00004000/00000000\n[  T292] igb 0000:09:00.0:    [14] CmpltTO [  200.105524,009][  T292] igb 0000:09:00.0: AER:   TLP Header: 00000000 00000000 00000000 00000000\n[  T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message\n[  T292] igb 0000:09:00.0: Non-correctable non-fatal error reported.\n[  T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message\n[  T292] pcieport 0000:00:1c.5: AER: broadcast resume message\n[  T292] ------------[ cut here ]------------\n[  T292] kernel BUG at net/core/dev.c:6539!\n[  T292] invalid opcode: 0000 [#1] PREEMPT SMP\n[  T292] RIP: 0010:napi_enable+0x37/0x40\n[  T292] Call Trace:\n[  T292]  \u003cTASK\u003e\n[  T292]  ? die+0x33/0x90\n[  T292]  ? do_trap+0xdc/0x110\n[  T292]  ? napi_enable+0x37/0x40\n[  T292]  ? do_error_trap+0x70/0xb0\n[  T292]  ? napi_enable+0x37/0x40\n[  T292]  ? napi_enable+0x37/0x40\n[  T292]  ? exc_invalid_op+0x4e/0x70\n[  T292]  ? napi_enable+0x37/0x40\n[  T292]  ? asm_exc_invalid_op+0x16/0x20\n[  T292]  ? napi_enable+0x37/0x40\n[  T292]  igb_up+0x41/0x150\n[  T292]  igb_io_resume+0x25/0x70\n[  T292]  report_resume+0x54/0x70\n[  T292]  ? report_frozen_detected+0x20/0x20\n[  T292]  pci_walk_bus+0x6c/0x90\n[  T292]  ? aer_print_port_info+0xa0/0xa0\n[  T292]  pcie_do_recovery+0x22f/0x380\n[  T292]  aer_process_err_devices+0x110/0x160\n[  T292]  aer_isr+0x1c1/0x1e0\n[  T292]  ? disable_irq_nosync+0x10/0x10\n[  T292]  irq_thread_fn+0x1a/0x60\n[  T292]  irq_thread+0xe3/0x1a0\n[  T292]  ? irq_set_affinity_notifier+0x120/0x120\n[  T292]  ? irq_affinity_notify+0x100/0x100\n[  T292]  kthread+0xe2/0x110\n[  T292]  ? kthread_complete_and_exit+0x20/0x20\n[  T292]  ret_from_fork+0x2d/0x50\n[  T292]  ? kthread_complete_and_exit+0x20/0x20\n[  T292]  ret_from_fork_asm+0x11/0x20\n[  T292]  \u003c/TASK\u003e\n\nTo fix this issue igb_io_resume() checks if the interface is running and\nthe device is not down this means igb_io_error_detected() did not bring\nthe device down and there is no need to bring it up.",
  "id": "GHSA-8cq6-j877-45ff",
  "modified": "2024-11-08T18:30:46Z",
  "published": "2024-10-21T21:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50040"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0a94079e3841d00ea5abb05e3233d019a86745f6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/330a699ecbfc9c26ec92c6310686da1230b4e7eb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/500be93c5d53b7e2c5314292012185f0207bad0c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/57c5053eaa5f9a8a99e34732e37a86615318e464"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6a39c8f5c8aae74c5ab2ba466791f59ffaab0178"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c92cbd283ddcf55fd85a9a9b0ba13298213f3dd7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d79af3af2f49c6aae9add3d492c04d60c1b85ce4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dca2ca65a8695d9593e2cf1b40848e073ad75413"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.