CVE-2024-50040

igb: Do not bring the device up after non-fatal error

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved:

igb: Do not bring the device up after non-fatal error

Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal")
changed igb_io_error_detected() to ignore non-fatal pcie errors in order
to avoid hung task that can happen when igb_down() is called multiple
times. This caused an issue when processing transient non-fatal errors.
igb_io_resume(), which is called after igb_io_error_detected(), assumes
that device is brought down by igb_io_error_detected() if the interface
is up. This resulted in panic with stacktrace below.

[ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down
[ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0
[ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID)
[ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000
[ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000
[ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message
[ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported.
[ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message
[ T292] pcieport 0000:00:1c.5: AER: broadcast resume message
[ T292] ------------[ cut here ]------------
[ T292] kernel BUG at net/core/dev.c:6539!
[ T292] invalid opcode: 0000 [#1] PREEMPT SMP
[ T292] RIP: 0010:napi_enable+0x37/0x40
[ T292] Call Trace:
[ T292] <TASK>
[ T292] ? die+0x33/0x90
[ T292] ? do_trap+0xdc/0x110
[ T292] ? napi_enable+0x37/0x40
[ T292] ? do_error_trap+0x70/0xb0
[ T292] ? napi_enable+0x37/0x40
[ T292] ? napi_enable+0x37/0x40
[ T292] ? exc_invalid_op+0x4e/0x70
[ T292] ? napi_enable+0x37/0x40
[ T292] ? asm_exc_invalid_op+0x16/0x20
[ T292] ? napi_enable+0x37/0x40
[ T292] igb_up+0x41/0x150
[ T292] igb_io_resume+0x25/0x70
[ T292] report_resume+0x54/0x70
[ T292] ? report_frozen_detected+0x20/0x20
[ T292] pci_walk_bus+0x6c/0x90
[ T292] ? aer_print_port_info+0xa0/0xa0
[ T292] pcie_do_recovery+0x22f/0x380
[ T292] aer_process_err_devices+0x110/0x160
[ T292] aer_isr+0x1c1/0x1e0
[ T292] ? disable_irq_nosync+0x10/0x10
[ T292] irq_thread_fn+0x1a/0x60
[ T292] irq_thread+0xe3/0x1a0
[ T292] ? irq_set_affinity_notifier+0x120/0x120
[ T292] ? irq_affinity_notify+0x100/0x100
[ T292] kthread+0xe2/0x110
[ T292] ? kthread_complete_and_exit+0x20/0x20
[ T292] ret_from_fork+0x2d/0x50
[ T292] ? kthread_complete_and_exit+0x20/0x20
[ T292] ret_from_fork_asm+0x11/0x20
[ T292] </TASK>

To fix this issue igb_io_resume() checks if the interface is running and
the device is not down this means igb_io_error_detected() did not bring
the device down and there is no need to bring it up.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-10-21 CVE Published
2024-10-26 EPSS Updated
2024-11-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (16)

URL	Tag	Source
https://git.kernel.org/stable/c/124e39a734cb90658b8f0dc110847bbfc6e33792	Vuln. Introduced
https://git.kernel.org/stable/c/c9f56f3c7bc908caa772112d3ae71cdd5d18c257	Vuln. Introduced
https://git.kernel.org/stable/c/994c2ceb70ea99264ccc6f09e6703ca267dad63c	Vuln. Introduced
https://git.kernel.org/stable/c/fa92c463eba75dcedbd8d689ffdcb83293aaa0c3	Vuln. Introduced
https://git.kernel.org/stable/c/39695e87d86f0e7d897fba1d2559f825aa20caeb	Vuln. Introduced
https://git.kernel.org/stable/c/004d25060c78fc31f66da0fa439c544dda1ac9d5	Vuln. Introduced
https://git.kernel.org/stable/c/c2312e1d12b1c3ee4100c173131b102e2aed4d04	Vuln. Introduced
https://git.kernel.org/stable/c/41f63b72a01c0e0ac59ab83fd2d921fcce0f602d	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/dca2ca65a8695d9593e2cf1b40848e073ad75413	2024-11-08
https://git.kernel.org/stable/c/c92cbd283ddcf55fd85a9a9b0ba13298213f3dd7	2024-11-08
https://git.kernel.org/stable/c/d79af3af2f49c6aae9add3d492c04d60c1b85ce4	2024-10-17
https://git.kernel.org/stable/c/0a94079e3841d00ea5abb05e3233d019a86745f6	2024-10-17
https://git.kernel.org/stable/c/6a39c8f5c8aae74c5ab2ba466791f59ffaab0178	2024-10-17
https://git.kernel.org/stable/c/57c5053eaa5f9a8a99e34732e37a86615318e464	2024-10-17
https://git.kernel.org/stable/c/500be93c5d53b7e2c5314292012185f0207bad0c	2024-10-17
https://git.kernel.org/stable/c/330a699ecbfc9c26ec92c6310686da1230b4e7eb	2024-10-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.291 < 4.19.323 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.291 < 4.19.323"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.251 < 5.4.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.251 < 5.4.285"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.188 < 5.10.227 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.188 < 5.10.227"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.150 < 5.15.168 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.150 < 5.15.168"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.42 < 6.1.113 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.42 < 6.1.113"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.6.57 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.6.57"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.11.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.11.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.14.322 Search vendor "Linux" for product "Linux Kernel" and version "4.14.322"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.4.7 Search vendor "Linux" for product "Linux Kernel" and version "6.4.7"		en		Affected