lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2025091552-CVE-2023-53148-e1b8@gregkh>
Date: Mon, 15 Sep 2025 16:02:11 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53148: igb: Fix igb_down hung on surprise removal

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

igb: Fix igb_down hung on surprise removal

In a setup where a Thunderbolt hub connects to Ethernet and a display
through USB Type-C, users may experience a hung task timeout when they
remove the cable between the PC and the Thunderbolt hub.
This is because the igb_down function is called multiple times when
the Thunderbolt hub is unplugged. For example, the igb_io_error_detected
triggers the first call, and the igb_remove triggers the second call.
The second call to igb_down will block at napi_synchronize.
Here's the call trace:
    __schedule+0x3b0/0xddb
    ? __mod_timer+0x164/0x5d3
    schedule+0x44/0xa8
    schedule_timeout+0xb2/0x2a4
    ? run_local_timers+0x4e/0x4e
    msleep+0x31/0x38
    igb_down+0x12c/0x22a [igb 6615058754948bfde0bf01429257eb59f13030d4]
    __igb_close+0x6f/0x9c [igb 6615058754948bfde0bf01429257eb59f13030d4]
    igb_close+0x23/0x2b [igb 6615058754948bfde0bf01429257eb59f13030d4]
    __dev_close_many+0x95/0xec
    dev_close_many+0x6e/0x103
    unregister_netdevice_many+0x105/0x5b1
    unregister_netdevice_queue+0xc2/0x10d
    unregister_netdev+0x1c/0x23
    igb_remove+0xa7/0x11c [igb 6615058754948bfde0bf01429257eb59f13030d4]
    pci_device_remove+0x3f/0x9c
    device_release_driver_internal+0xfe/0x1b4
    pci_stop_bus_device+0x5b/0x7f
    pci_stop_bus_device+0x30/0x7f
    pci_stop_bus_device+0x30/0x7f
    pci_stop_and_remove_bus_device+0x12/0x19
    pciehp_unconfigure_device+0x76/0xe9
    pciehp_disable_slot+0x6e/0x131
    pciehp_handle_presence_or_link_change+0x7a/0x3f7
    pciehp_ist+0xbe/0x194
    irq_thread_fn+0x22/0x4d
    ? irq_thread+0x1fd/0x1fd
    irq_thread+0x17b/0x1fd
    ? irq_forced_thread_fn+0x5f/0x5f
    kthread+0x142/0x153
    ? __irq_get_irqchip_state+0x46/0x46
    ? kthread_associate_blkcg+0x71/0x71
    ret_from_fork+0x1f/0x30

In this case, igb_io_error_detected detaches the network interface
and requests a PCIE slot reset, however, the PCIE reset callback is
not being invoked and thus the Ethernet connection breaks down.
As the PCIE error in this case is a non-fatal one, requesting a
slot reset can be avoided.
This patch fixes the task hung issue and preserves Ethernet
connection by ignoring non-fatal PCIE errors.

The Linux kernel CVE team has assigned CVE-2023-53148 to this issue.


Affected and fixed versions
===========================

	Fixed in 4.14.322 with commit c2312e1d12b1c3ee4100c173131b102e2aed4d04
	Fixed in 4.19.291 with commit 124e39a734cb90658b8f0dc110847bbfc6e33792
	Fixed in 5.4.251 with commit c9f56f3c7bc908caa772112d3ae71cdd5d18c257
	Fixed in 5.10.188 with commit 994c2ceb70ea99264ccc6f09e6703ca267dad63c
	Fixed in 5.15.150 with commit fa92c463eba75dcedbd8d689ffdcb83293aaa0c3
	Fixed in 6.1.42 with commit 39695e87d86f0e7d897fba1d2559f825aa20caeb
	Fixed in 6.4.7 with commit 41f63b72a01c0e0ac59ab83fd2d921fcce0f602d
	Fixed in 6.5 with commit 004d25060c78fc31f66da0fa439c544dda1ac9d5

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-53148
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/net/ethernet/intel/igb/igb_main.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/c2312e1d12b1c3ee4100c173131b102e2aed4d04
	https://git.kernel.org/stable/c/124e39a734cb90658b8f0dc110847bbfc6e33792
	https://git.kernel.org/stable/c/c9f56f3c7bc908caa772112d3ae71cdd5d18c257
	https://git.kernel.org/stable/c/994c2ceb70ea99264ccc6f09e6703ca267dad63c
	https://git.kernel.org/stable/c/fa92c463eba75dcedbd8d689ffdcb83293aaa0c3
	https://git.kernel.org/stable/c/39695e87d86f0e7d897fba1d2559f825aa20caeb
	https://git.kernel.org/stable/c/41f63b72a01c0e0ac59ab83fd2d921fcce0f602d
	https://git.kernel.org/stable/c/004d25060c78fc31f66da0fa439c544dda1ac9d5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ